Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Content System Wechat Formatter
v1.0.1: Render article markdown into WeChat-style HTML as an independent executor. Use when Codex needs WeChat official-account layout preview (公众号排版预览), WeChat HTML output, or a publishable HTML artifact ge...
⭐ 0· 55·1 current·1 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence

Purpose & Capability
The skill's name, README, and SKILL.md all describe a straightforward Markdown→WeChat HTML formatter and declare no external credentials or binaries. However, runtime.py inserts the hardcoded path /Users/Abigale/.codex/skills/wechat-article-workflow/scripts onto sys.path and imports wechat_html_renderer from that location — a dependency unrelated to the stated packaged files and not justified by the description. A properly packaged formatter would either include its renderer or use a relative/packaged import; the absolute user-home path is unexpected and disproportionate.
Instruction Scope
SKILL.md gives narrow, focused runtime instructions (read markdown, render via the shared runtime, write HTML to content-production/ready). The instructions don't ask for unrelated filesystem access or credentials. However, SKILL.md references a 'shared runtime' and other internal pipeline files — combined with the runtime.py import behavior, this increases the scope of what actually runs at execution time (it will pull code from an external path).
Install Mechanism
There is no install spec (instruction-only), which is low risk in general — but runtime.py's reliance on an absolute, external script directory (not included in the file manifest) means code outside the packaged skill would be executed if present. That is effectively a hidden install/runtime dependency and raises risk because arbitrary code from that path would run without being packaged or reviewed.
Credentials
The skill declares no required env vars or credentials (appropriate). Nevertheless, runtime.py directly references a hardcoded filesystem location in a user home (/Users/Abigale/...). This is equivalent to requesting access to user-local resources and is disproportionate to the stated needs — it may cause execution of code outside the skill bundle or silently fail if the path is absent.
Persistence & Privilege
The skill is not always-enabled, does not request elevated privileges, and there is no indication it modifies other skills or global agent configuration. Autonomous invocation is allowed (platform default) but not combined here with other high-risk privilege requests.
What to consider before installing
This skill's declared purpose (render Markdown to WeChat-style HTML) is reasonable on its face, but runtime.py contains a hardcoded absolute path into a developer's home directory and imports a module from there (wechat_html_renderer). That means:
(1) at runtime, code outside the packaged files could be executed if that path exists;
(2) the skill will likely fail or behave unpredictably if the external module isn't present;
(3) this is a packaging/design issue that could be malicious if the external module were replaced.
Before installing or running: ask the author to bundle or vendor the renderer (or change to a relative/importable dependency), or provide an install step that fetches a vetted package; inspect the wechat_html_renderer implementation for network calls or file access; run the skill in a sandboxed environment; and avoid granting access to sensitive systems until the dependency and import behavior are corrected. If you cannot verify the external module, treat this skill as untrusted.
Version: latest (vk970g29gcjtxs30bsk7w61ke5s84cjv9)
