Skill v1.0.0
ClawScan security
Doc Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Apr 22, 2026, 6:42 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill broadly matches its stated purpose (converting local Markdown and publishing to a WeChat public account) but contains multiple inconsistencies and risky practices (missing declared env requirements, example scripts referencing other projects/paths, destructive utilities and hard-coded example credentials) that warrant review before use.
- Guidance: This skill appears to do what it says (convert Markdown and publish to a WeChat public account) but has multiple red flags you should address before running it with real credentials:
  - Do not use any example APPID/SECRET/THUMB_MEDIA_ID shown in the readme or SKILL.md — treat them as placeholders. Replace with your own credentials stored in a local .env and never upload that file.
  - Inspect src/wechat-api.js and src/doc-publisher.js before running to confirm which network endpoints are called and how tokens are used. Look for any hard-coded or unexpected external endpoints.
  - Search the code for 'deleteDraft', 'getAllDrafts', or similar destructive functions. The package ships scripts that will delete all drafts (scripts/clear-all-drafts.js and scripts/clear-and-publish.js). Back up your account/drafts before running those.
  - Examples reference other repositories/paths (e.g., '../../wechat-publisher/...', C:\Users\LIYONG\...). Ensure you understand and provide any missing components rather than assuming those other codebases exist.
  - Consider running the scripts in a sandbox or on a test WeChat account first. Monitor network calls (or run in an environment with network logging) if you lack confidence.

  If you want, I can: (1) list the specific files and lines that call network APIs or delete drafts (if you provide src/wechat-api.js), (2) search the bundle for 'delete', 'media_id', or suspicious hosts, or (3) produce a minimal safe checklist to run a single conversion locally without publishing.
Review Dimensions
- Purpose & Capability (note): The skill's name/description (Markdown → WeChat publishing) matches the code and examples: conversion functions, publishing scripts, and a wechat-api module are present. However the registry metadata claims 'Required env vars: none' while SKILL.md and many scripts require a .env with WECHAT_APPID / WECHAT_SECRET / WECHAT_THUMB_MEDIA_ID — this is an inconsistency. Several example scripts also import code from a different path ('../../wechat-publisher/...') which suggests an undeclared dependency or assumption about the developer's workspace.
- Instruction Scope (concern): Runtime instructions and example scripts instruct the agent / user to read arbitrary local files and directories (many hard-coded Windows paths like D:\DocsAutoWrter\..., C:\Users\LIYONG\.openclaw\...), write preview HTML files, and call wechat-api methods. There are also destructive helper scripts (clear-all-drafts.js and clear-and-publish.js) which delete all drafts in the connected WeChat account. The SKILL.md explicitly asks users to create/populate a .env with sensitive keys. The scope is appropriate for a publisher tool, but the examples' hard-coded external workspace paths, cross-repo imports, and global-deletion scripts expand the blast radius and require user caution.
- Install Mechanism (ok): No install spec (instruction-only skill) — the code is included in the skill bundle, so nothing is downloaded on install. That reduces install-time risk. Still, the package contains executable JS scripts that will run on the user's machine when invoked.
- Credentials (concern): The skill logically needs WeChat credentials (APPID/SECRET and optional thumb media id) but the package metadata does not declare required env vars — a mismatch. The SKILL.md and README include example APPID/SECRET/THUMB_MEDIA_ID values (hard-coded sample strings), which is poor hygiene and could confuse users into using example credentials or exposing secrets. Scripts access process.env.WECHAT_THUMB_MEDIA_ID and fall back to a hard-coded thumb ID value in many places; this is surprising and should be reviewed.
- Persistence & Privilege (ok): always:false and the skill is user-invocable. It does not claim to require always-on presence or to modify other skills' configuration. However, because it can be run autonomously (default), a skill that can publish or delete drafts has a notable operational impact if invoked without care — combine that with the deletion scripts to justify caution.
