Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wechat Publisher Skill
v2.0.3
Automatically collects AI news, formats in HTML block layout v3.0, and publishes 32 news items to WeChat public account draft with scheduling and deduplication.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The SKILL.md and included scripts clearly require a WeChat AppID and AppSecret and access to the user's WeChat material library, yet the registry metadata lists no required environment variables or credentials. The documentation claims a fixed 'block-v3' template and 32 items, but config/default.json defaults to v5-simple and 15 items; templates referenced in docs and code are inconsistent. The skill also references local cache paths (e.g., D:\news) and writes license/usage files under its memory dir — reading/writing local files is plausible for deduplication, but the mismatch between declared and actual requirements is an incoherence the user should understand.
Instruction Scope
Runtime instructions and docs direct the agent to read local caches (memory/, D:\news), load/save config and license files, call external services (ip-api.com to detect public IP) and the WeChat API, and run diagnostics that reveal config contents. Troubleshooting explicitly suggests hard-coding AppID/AppSecret into scripts when environment variables are 'unavailable' — that expands scope to storing secrets in plaintext files and logs. The instructions also guide purchase/activation flows (openclaw skill buy) that involve contacting external parties; none of these extra steps are reflected in the registry metadata.
Install Mechanism
There is no external install script or remote download referenced by the registry — this is an instruction-and-code bundle included in the skill archive. No high-risk external installers or URL downloads are present in the provided files. The code depends on requests (Python) which is a standard library dependency.
Credentials
Requesting AppID/AppSecret is proportionate for publishing to a WeChat public account. However, the registry did not declare these credentials, and the docs/code recommend insecure practices (hard-coding secrets into scripts, storing them in config files, diagnostic outputs that reveal partial secrets). The skill reads local caches and a Windows D:\news path (presented as dedup cache) — access to arbitrary local paths should be limited and clearly justified. Overall the secret-handling guidance is unsafe and not properly reflected in metadata.
Persistence & Privilege
The skill does not set always:true and does not attempt to modify other skills or global agent configuration. It writes token/usage/license files into its own memory directory (normal for this type of tool). Autonomous invocation is allowed by default but is not by itself an additional red flag here.
What to consider before installing
Key things to consider before installing:
- Don’t trust the registry metadata alone: this skill actually needs your WeChat AppID and AppSecret but the registry lists no required credentials — confirm with the publisher before supplying secrets.
- Inspect publish.py fully (and run it in a sandbox) to see every network endpoint it calls. It legitimately calls api.weixin.qq.com for tokens, but the docs also instruct use of ip-api.com and include diagnostic scripts that may reveal secrets; verify there are no hidden remote endpoints or telemetry to unknown hosts.
- Never hard-code AppSecret/AppID into scripts or store them in world-readable files. If you must use this skill, prefer storing secrets in a secure vault or environment variables and restrict file permissions on config files.
- The docs recommend reading/creating files under D:\news and memory/ — check what local files the skill will read to ensure it won't accidentally exfiltrate unrelated data.
- Template/setting inconsistencies (block-v3 vs v5-simple, news_count 32 vs 15) suggest sloppy packaging — ask the maintainer for a canonical source (GitHub repo or official homepage) and a clear security/privacy statement.
- If you want to proceed for testing: run the skill in an isolated environment or sandbox, restrict outbound network access to only api.weixin.qq.com and the WeChat media endpoints, and monitor file writes/reads and network connections.
If you need, I can: (1) point out specific lines in publish.py to inspect further, (2) produce a minimal checklist to sandbox and test the skill safely, or (3) draft a short message you can send to the maintainer requesting clarification about credentials, telemetry, and template/version mismatches.
