wechat-md-publish
PassAudited by VirusTotal on May 4, 2026.
Overview
Type: OpenClaw Skill Name: wechat-md-publish Version: 0.3.0 The skill provides a utility for publishing Markdown articles to WeChat, but the script `scripts/wx_publish.py` contains a potential Local File Inclusion (LFI) vulnerability. Specifically, the `process_local_images` function parses image tags from Markdown and uploads the referenced local files to WeChat's servers (`api.weixin.qq.com`) without path sanitization, which could be exploited to exfiltrate sensitive system files. While this functionality is aligned with the stated purpose of handling local assets, the lack of validation for file paths makes it a high-risk capability in an agentic environment.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anyone who can read this config or cached token may be able to act on the connected WeChat account within the token's permissions.
The skill requires WeChat Official Account application credentials in a local config file, granting API authority over that account. This is expected for the stated publishing purpose, but the registry metadata declares no primary credential or required config path.
cat > ~/.wechat_publish/config.json << 'EOF'
{
"app_id": "你的AppID",
"app_secret": "你的AppSecret"
}
EOFStore the config securely, restrict file permissions, rotate the AppSecret if exposed, and ensure the registry metadata declares the credential/config requirement.
Local images included in the article will be sent to WeChat; accidentally referenced private images could become part of the publishing workflow.
The skill explicitly uploads local images referenced by the Markdown article to WeChat and replaces them with WeChat URLs.
文章中的本地图片会自动上传到微信并替换 URL
Review Markdown image references before running the skill and use a dedicated article asset folder to avoid uploading unintended local files.
Using --publish can make article content public through the connected WeChat Official Account.
The skill can automatically publish after creating a draft when the --publish flag is used. This is documented and purpose-aligned, but public publishing is a high-impact action.
`--publish` | 否 | 创建草稿后自动发布
Use the default draft-only workflow first, and only add --publish after the user explicitly confirms the final content, cover, and account.
Installing packages or browser binaries changes the local environment and relies on the package sources available at install time.
The skill instructs user-directed installation of unpinned Python packages and, optionally, a Chromium browser for HTML card rendering.
pip install requests markdown ... pip install playwright playwright install chromium
Install in a virtual environment, prefer pinned versions or a reviewed requirements file, and only install Playwright/Chromium if HTML card rendering is needed.
If a user renders HTML from an untrusted source, that HTML may cause network activity during screenshot generation.
The script renders supplied HTML card content in a browser context. This is expected for HTML-to-image rendering, but untrusted HTML could load remote resources or run browser-side scripts during rendering.
page.set_content(html_content, wait_until="networkidle")
Render only trusted or freshly generated static HTML cards, avoid external scripts/resources, and consider adding network/script restrictions if this skill is expanded.