WeChat Official Account Article Scraping

Warn

Audited by ClawScan on May 10, 2026.

Overview

The skill’s WeChat scraping purpose is clear, but it ships and uses a hard-coded WeChat session cookie instead of the user-provided cookie described in its instructions.

Do not install or run this skill until the hard-coded WeChat cookie is removed. If you choose to use it later, provide your own WeChat cookie only through a clearly declared secure configuration path and understand that it grants authenticated access to your WeChat public-platform session.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing or running the skill could use or expose an existing WeChat account session rather than a clearly user-supplied credential.

Why it was flagged

The script embeds WeChat session/account cookies and later sends them in Cookie headers to mp.weixin.qq.com, despite the skill metadata declaring no credential requirement.

Skill content

cookie_str = """ua_id=...; wxuin=...; data_ticket=...; slave_sid=...; ...; wxtokenkey=777"""

Recommendation

Remove all hard-coded cookies, declare the WeChat cookie as a required credential, load it only from a user-controlled secure location, and document exactly what account access it grants.

What this means

The skill’s credential behavior is materially different from what a user would expect from the setup instructions.

Why it was flagged

The code defines the documented cookie-file path but does not read it; users may believe their configured cookie file is used while the shipped hard-coded cookie is actually used.

Skill content

COOKIE_FILE = os.path.expanduser("~/.openclaw/skills/wechat-article/scripts/wechat_cookie.env") ... def load_cookie(): ... return cookie_str

Recommendation

Make the implementation match the documentation: read the cookie from the documented file or environment variable, fail closed when missing, and clearly warn users before using session credentials.

What this means

The skill may rely on whatever requests package is already present in the runtime environment, which can create setup ambiguity.

Why it was flagged

The script depends on the Python requests package, while the provided install information declares no install spec or dependency requirements.

Skill content

import requests

Recommendation

Declare Python package dependencies explicitly and pin or document expected versions.