v1.0.0

wechat-article-fetcher

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:58 AM.

Analysis

The skill appears to fetch WeChat articles as advertised, but it automatically starts a background web server that serves the whole OpenClaw workspace, which users should review before installing.

Guidance: Install only if you are comfortable with the skill downloading article assets and creating local files. Before using the preview feature, consider editing the script to bind the server to 127.0.0.1, serve only a dedicated output folder, and stop the server when finished.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Rogue Agents
Severity: Medium, Confidence: High, Status: Concern
fetch.sh
cd /root/.openclaw/workspace && python3 -m http.server $PORT > /dev/null 2>&1 &

The fetch workflow starts a Python HTTP server as a background process. The artifacts do not show a stop command, lifetime limit, or user confirmation before leaving the server running.

User impact: After fetching an article, a web server may continue running beyond the immediate task.
Recommendation: Prompt before starting the server, bind it explicitly to 127.0.0.1, add a clear stop command or automatic timeout, and document the persistence.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
README.md
pip install requests

The documented manual setup installs an unpinned dependency. This is purpose-aligned for the fetcher, but users and maintainers should prefer pinned dependencies and registry-declared install requirements.

User impact: Installation may depend on whatever version of the package the resolver selects at install time.
Recommendation: Declare Python and requests in the registry/install spec and pin or constrain dependency versions.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Concern
fetch.sh
cd /root/.openclaw/workspace && python3 -m http.server $PORT

The server is launched from the entire OpenClaw workspace directory rather than a dedicated output folder or single generated article file, and the command shows no access control or explicit localhost-only binding.

User impact: Files in the workspace other than the fetched article may be browseable while the server is running.
Recommendation: Serve only a dedicated article-output directory, disable directory listing if possible, bind to localhost, and avoid exposing the whole workspace.