Wechat Look
v1.0.1读取微信公众号文章的专用工具,支持OCR文字识别。自动规范化URL并提取文章内容,识别图片中的中英文文字。
⭐ 0· 84·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (WeChat article extraction + OCR) match the provided Python and Node.js code: URL normalization, HTML extraction, downloading images, and invoking local Tesseract.js-based OCR. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Runtime instructions and SKILL.md are focused on fetching WeChat article HTML, extracting image URLs, and running local Node.js OCR subprocesses — all within the stated purpose. Note: the runtime will perform network requests (fetch article HTML and download any images referenced in the page), and will spawn Node processes. Those are expected for this skill but are relevant privacy/security considerations (see guidance).
Install Mechanism
There is no platform install spec, but SKILL.md directs the user to run 'cd ocr_node && npm install'. The package.json/package-lock pull tesseract.js and node-fetch from the npm registry. This is a standard approach (moderate risk): npm packages can run install scripts and bring transitive dependencies, so verify packages before installing. No arbitrary URL downloads or unknown hosts are used in install steps.
Credentials
The skill requests no environment variables or credentials and the code does not read any secrets. The network access it needs (HTTP requests to WeChat pages and to image URLs) is proportional to OCR/extraction functionality.
Persistence & Privilege
Skill flags are default (not always:true). It does not request persistent system-level privileges or attempt to change other skills' configs. It spawns subprocesses and installs node modules in its own directory (normal for this architecture).
Assessment
This skill appears coherent for reading WeChat articles and performing OCR, but before installing consider: (1) It will fetch article HTML and download every image referenced in the page — those image URLs are external and may reveal that you requested that page (privacy/fingerprinting). (2) The Node layer requires running 'npm install' which will install tesseract.js and other npm packages; npm packages can execute install scripts, so inspect package.json/package-lock and prefer installing in an isolated environment (container or sandbox) if you are cautious. (3) tesseract.js may attempt to fetch language model / WASM assets at runtime depending on configuration; this implies additional network access beyond image downloads. (4) The skill spawns local Node processes (subprocess) to perform OCR; confirm your environment policy allows executing the bundled scripts. If these behaviors are acceptable, the skill's footprint is proportionate to its purpose. If you need to limit exposure, run it in an isolated runtime, review the node modules, or modify the OCR scripts to use pre-downloaded language models.Like a lobster shell, security has layers — review code before you run it.
latestvk97fv8v7t849qeb718j2y84fah84gz5k
License
MIT-0
Free to use, modify, and redistribute. No attribution required.