ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat Publisher Skill

v2.0.3

Automatically collects 32 AI news items, formats in fixed block layout v3.0 HTML, and publishes drafts to a WeChat official account with customizable schedul...

0· 23·0 current·0 all-time
by@403914291·duplicate of @403914291/wechat-publisher-skill
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description (WeChat publisher) align with the code and docs: it needs a WeChat AppID/AppSecret and calls the WeChat API. However there are inconsistencies: registry metadata declares no required env/config, yet SKILL.md and config/default.json require app_id/app_secret and the script reads them. The documentation and SKILL.md also reference additional files (install.sh, activate.py) and Windows paths (D:\news) that are not present in the file manifest — this mismatch weakens confidence in the package's stated surface.
!
Instruction Scope
Instructions and docs instruct operations beyond simple publishing: they reference reading a local cache (D:\news or memory/ files) for de‑duplication and writing usage/license/token files into a memory directory. Troubleshooting docs explicitly recommend 'hard‑coding' AppID/AppSecret into scripts as the 'recommended' solution for environment problems — that is dangerous and expands the skill's runtime scope to storing credentials in source files. The docs also tell users to call external IP endpoints (ip-api.com) to determine outbound IP for WeChat whitelist setup (reasonable) but the combination of local path access + credential storage guidance is concerning.
Install Mechanism
No install spec is provided (instruction-only in registry) but the package includes a Python script that requires the requests library and will abort if missing. The docs list system prerequisites (Node.js, Python) and describe an install flow, but the manifest lacks an actual install script. This mismatch (no declared installer despite instructions and dependencies) is a moderate red flag — nothing is being downloaded from unknown URLs, however.
!
Credentials
As expected the skill requires WeChat credentials (AppID/AppSecret) to operate. But the registry metadata declares no required env vars while the code reads WECHAT_APP_SECRET from the environment and the docs require AppID/AppSecret in config — an inconsistency. More importantly, troubleshooting docs recommend storing secrets directly in scripts (hard‑coding) and the skill writes token/usage/license to local files. The skill does not request unrelated external credentials, but the handling/storage guidance for secrets is insecure and disproportionate.
Persistence & Privilege
The skill does not request always:true or other elevated platform privileges. It caches tokens, logs, usage and license info under its own memory directory (normal for a skill). There is no evidence it attempts to modify other skills or global agent settings.
What to consider before installing
This skill appears to be a legitimate WeChat publisher, but there are several issues you should consider before installing: - Required secrets: the skill needs your WeChat AppID and AppSecret (expected). Do NOT follow the docs' recommendation to "hard‑code" these into scripts — instead store them in a protected config or environment variable and limit file permissions. - Manifest/document mismatch: the registry metadata omits required config/env declarations and the SKILL.md/documents reference files and install scripts that are not present. Treat the package as somewhat untrusted until the author clarifies these inconsistencies. - Local file access: docs reference comparing/reading a cache at D:\news and the skill writes token/usage/license files under its memory directory. Verify what local files the skill will read/write and ensure it won’t access sensitive directories you care about. - Dependency handling: the Python script depends on requests; because there is no install spec, the skill may fail or prompt you to pip‑install dependencies. Consider installing in a controlled environment (container or VM) first. - Payment/activation: the buy/activation flow involves contacting third‑party accounts (WeChat, email). If you plan to pay, verify the seller independently (e.g., GitHub repo, trusted contact) before sending money. If you want to proceed, run the skill in an isolated environment (or review the rest of the script not shown here) and confirm the script's exact filesystem reads/writes and network calls. Ask the maintainer to (1) declare required env/configs in the registry metadata, (2) remove the hard‑coding recommendation, and (3) provide a reproducible install/verification procedure.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bjjzegcxd057hsgbhzt4q3h847731

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments