v1.0.0

WeChat Channel Live Replay

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 8:23 AM.

Analysis

The skill mostly matches its stated purpose, but it builds persistent output paths from user-provided channel/date strings without visible path containment, so a crafted request could make it write outside the intended folder.

Guidance: Review before installing. Use a dedicated TikHub token, install ffmpeg and Python dependencies from trusted sources, avoid passing untrusted or path-like values as channel names/dates, and verify generated files stay inside the intended OpenClaw workspace and analyzer input folders.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium. Confidence: High. Status: Concern.
export.py
script_dir = REPLAY_INPUT_BASE / args.keywords / args.date if args.date else REPLAY_INPUT_BASE / args.keywords
ensure_dir(script_dir)
txt_path = script_dir / "script.txt"

The output directory for the transcript is built directly from command-line arguments. Path separators or absolute paths in --keywords or --date could escape the intended live-replay-analyzer input directory.

User impact: A crafted channel name or date could cause the skill to create or write files in an unintended local location, potentially affecting other skill inputs or workspace files.
Recommendation: Normalize and validate --keywords and --date before using them in paths, reject absolute paths and '..' segments, and verify the final resolved path remains under the intended input directory.
Agentic Supply Chain Vulnerabilities
Severity: Low. Confidence: High. Status: Note.
SKILL.md
source: https://github.com/your-repo/wechat-channel-live-replay
requirements:
  - python
  - "pip:requests"
  - "pip:openai-whisper"
  - "exec:ffmpeg"
  - "skill:douyin-video-transcriber"

The source URL appears placeholder-like and dependencies are unpinned/manual, while the registry has no install spec. This is not inherently malicious, but provenance and dependency versions are not well established.

User impact: Users may install different dependency versions or rely on unclear provenance, which can make behavior less reproducible.
Recommendation: Publish a real source repository, pin package versions where practical, align registry requirements with SKILL.md, and clarify whether the referenced extra skill is actually required.
Unexpected Code Execution
Severity: Low. Confidence: High. Status: Note.
export.py
cmd = ['ffmpeg', '-i', video_path, '-vn', '-acodec', 'libmp3lame', '-y', audio_path]
result = subprocess.run(cmd, capture_output=True, text=True, encoding='utf-8', errors='replace')

The skill invokes the local ffmpeg executable to extract audio. This is disclosed and central to transcription, but it is still local command execution on downloaded media.

User impact: The skill depends on a local executable and processes downloaded video files on the user's machine.
Recommendation: Install ffmpeg from a trusted source, keep it updated, and run the skill only on media sources you intend to process.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low. Confidence: High. Status: Note.
export.py
token = get_config_value('tikhub_api_token', os.getenv('TIKHUB_TOKEN'))
headers = {
    'Authorization': f'Bearer {token}',
    'Accept': 'application/json'
}

The skill reads a local TikHub API token from OpenClaw config or an environment variable and sends it as a bearer token. This is expected for the TikHub integration, but the registry metadata declares no primary credential.

User impact: Installing or using the skill requires trusting it and TikHub with the configured API token.
Recommendation: Use a dedicated, least-privilege TikHub token if possible, declare the credential requirement in registry metadata, and avoid sharing logs or config files that may contain tokens.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low. Confidence: High. Status: Note.
SKILL.md
`script.txt` is saved automatically to the input directory of `live-replay-analyzer`.
Users can call the `live-replay-analyzer` skill directly, using the transcript generated by this skill to produce a replay review report.

The skill intentionally persists transcribed content for reuse by another skill. That is purpose-aligned, but the transcript should be treated as untrusted data when later analyzed.

User impact: Content from a downloaded live replay may influence a later analysis workflow if the downstream skill treats the transcript as trusted instructions rather than data.
Recommendation: Keep generated transcripts clearly separated from instructions, and have downstream analysis treat transcript text as untrusted source material.