Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Article Extractor

v1.0.0

Extract metadata and content from WeChat Official Account articles. Use when user needs to parse WeChat article URLs (mp.weixin.qq.com), extract article info...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Requires OAuth token
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The skill's name/description align with the code in scripts/extract.js: it fetches mp.weixin.qq.com / sogou pages, parses HTML, and returns structured metadata. However, convert.js (included in the bundle) performs unrelated local filesystem reads and writes to absolute paths in /Users/canghe/..., which is not required for the extractor's described runtime behavior and looks like a leftover developer utility.
!
Instruction Scope
SKILL.md and the primary extract.js only describe fetching remote pages and parsing HTML. They do not instruct reading arbitrary local files. Despite that, convert.js will read a specific file (/Users/canghe/.claude/.../tool-results/b97eb13.txt) and write to /Users/canghe/Downloads/..., which is outside the stated scope and could expose local data if executed. The presence of this script expands the actionable surface beyond what the SKILL.md describes.
Install Mechanism
There is no install spec (instruction-only skill). All dependencies are standard npm packages listed in package.json/package-lock.json; nothing is downloaded from unusual URLs in the manifest. No archive downloads or remote installers are declared.
Credentials
The skill declares no required environment variables or credentials. extract.js performs HTTP requests to target pages and parses content; no secrets or cloud credentials are requested. (Note: transitive packages in package-lock include many common dependencies — not evidence of credential needs.)
Persistence & Privilege
Flags are default (always:false, user-invocable:true). The skill does not request persistent presence or modify other skills or system-wide settings in the manifest. The main concern is the included convert.js file, not persistent privileges.
What to consider before installing
This skill's extractor script (scripts/extract.js) appears coherent with the stated purpose and is likely safe to review; however, do NOT run convert.js without inspecting it first. convert.js contains hard-coded absolute paths that read from /Users/canghe/... and write to /Users/canghe/Downloads/..., which is unrelated to normal extraction and could read sensitive local files on your machine. Before installing or running the skill:
1) Inspect or remove convert.js (it's a developer utility, not required for extraction).
2) Run the skill in a sandboxed/isolated environment (container or VM) if you intend to execute the included scripts.
3) If you only need extraction, run scripts/extract.js and review network behavior (it issues HTTP GETs to target sites).
4) Consider locking down network access or rate-limiting to avoid scraping-related blocks.
If you want higher assurance, ask the author to explain/clean up convert.js or supply a version of the package without files that access absolute local paths.
scripts/extract.js:326
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
