Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
wechat-article-fetcher
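v1.0.0
WeChat Official Account article fetching tool. Triggers automatically when the user sends a WeChat article link, needs to save an Official Account article, wants to read a WeChat article offline, extract WeChat article content, or download WeChat article images. Supports all article links on the mp.weixin.qq.com domain.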
by @aga-j
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description align with behavior: the code fetches mp.weixin.qq.com articles, extracts title/content, downloads images and video covers, and writes an HTML file for local preview. Required capabilities (network access, writing files) match the stated purpose.
Instruction Scope
SKILL.md instructs running fetch.sh/fetch.py which is consistent with the files. Implementation details include a few notable points: (1) fetch.py downloads every image URL found in the article HTML (expected for image saving), but that means the agent will make arbitrary outbound HTTP requests for embedded URLs — this could fetch content from arbitrary hosts if embedded URLs are malicious; (2) the Python script prompts via input() when the URL doesn't start with the expected domain, which may block automated agent runs; (3) file paths used in code are absolute (/root/.openclaw/workspace) while the documentation sometimes references ~/.openclaw/workspace or relative workspace/, so there is inconsistency about where files are stored.
Install Mechanism
No install spec; this is an instruction+script skill. It relies on Python and the 'requests' package as documented. Nothing is downloaded from obscure URLs or executed from remote archives during install.
Credentials
The skill requests no environment variables or credentials, which is appropriate. However, it writes into an absolute path (/root/.openclaw/workspace) and spawns an HTTP server (python -m http.server) on a user-specified port (default 8080). The hardcoded root path is inconsistent with some docs and could fail or behave unexpectedly depending on the agent's runtime user privileges.
Persistence & Privilege
The skill is not 'always:true' and does not request special platform privileges. It runs as a normal skill, writes files in a workspace directory, and may start a local HTTP server for preview — these are reasonable for its purpose and confined to the skill's own workspace.
What to consider before installing
This skill appears to implement the advertised WeChat article saving functionality, but review before installing: 1) Code writes files into /root/.openclaw/workspace (hardcoded) — check/adjust the path if you won't run the agent as root. 2) The script will fetch every embedded image/video-cover URL it finds; that means it will make outbound HTTP requests to hosts referenced in the article — avoid running it on untrusted articles if you want to prevent SSRF or unexpected network access. 3) It spawns a local HTTP server (python -m http.server) on port 8080 by default — ensure this is acceptable for your environment. 4) The script uses input() to prompt if the URL isn't clearly a mp.weixin.qq.com link, which may block automated execution. Recommended actions: inspect the fetch.py/fetch.sh code yourself (or run in an isolated sandbox/container), run with limited network access if concerned, and/or change the workspace path to a user-owned directory before use.
Like a lobster shell, security has layers — review code before you run it.
