Skill v1.0.0

ClawScan security

wxgzh-mcp · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 14, 2026, 8:38 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code mostly matches its WeChat-draft-management description, but there are several coherence and operational concerns (missing Dockerfile, undeclared credentials in registry metadata, and a network service exposure) that merit caution before installing.
Guidance
This skill appears to implement the advertised WeChat draft and media features, but review these before installing:
1) Provide AppID/AppSecret only via a secure config.json and do not store the file in an unsecured/shared folder; the registry metadata did not declare these credentials so verify config handling.
2) The repo includes docker-compose.yml but no Dockerfile in the manifest — docker-compose build may fail; ask the author for the Dockerfile or use the pip-based instructions in README/SKILL.md instead.
3) Running this will start a FastMCP server and (per compose) expose port 8765 — run inside an isolated environment or restrict network access.
4) Verify the fastmcp package source and version before installing (supply-chain risk).
5) If you must run it, do so in a container/VM with limited privileges, keep config.json protected, and avoid mounting host directories with sensitive data.

Review Dimensions

Purpose & Capability
note: The code and SKILL.md implement WeChat Official Account draft and media management as advertised (token, upload, create/list/delete/publish drafts). However the registry metadata claims no required credentials/env vars while the runtime requires a config.json containing AppID and AppSecret — the skill expects sensitive credentials but did not declare them in the registry metadata.
Instruction Scope
note: Runtime instructions stay within the stated purpose (use WeChat APIs, upload images, create drafts). The SKILL.md also instructs querying a public IP service (api.ipify.org) to set a WeChat whitelist — this is expected for WeChat API use. One oddity: docker-compose is provided but SKILL.md primarily shows pip-based local runs; the compose file would mount host config and uploads, which is reasonable but increases surface area.
Install Mechanism
concern: The package is instruction-only (no automated install spec), with a requirements.txt listing fastmcp and requests (expected). However docker-compose.yml references building the image from '.' but no Dockerfile is present in the repository manifest — attempting docker-compose build will likely fail. The inclusion of docker-compose (and a mount of config.json and uploads) without a Dockerfile or clear build instructions is an operational inconsistency.
Credentials
note: The skill legitimately needs AppID and AppSecret for the WeChat API and expects them in a plaintext config.json or via WECHAT_MCP_CONFIG env var (docker-compose sets this). That access is proportionate to the purpose. Note: registry metadata did not declare required credentials; also the secrets are stored in a config file that the docker-compose mounts from the host (read-only) — users should ensure the file is protected and not placed in a shared location.
Persistence & Privilege
note: The code runs an MCP server (FastMCP) and docker-compose exposes port 8765. While the skill does not set always: true or modify other skills, starting a network service on the host/container increases attack surface and could expose the tool remotely if deployed without firewalling. This is expected for an MCP service but worth explicit attention.