wechat-article-skill
v0.0.1微信公众号文章链接处理。当用户发送微信公众号文章链接时,自动获取并提取文章内容。 触发条件:(1) 用户发送 http(s)://mp.weixin.qq.com/s/ 开头的链接 (2) 用户请求获取公众号文章内容
⭐ 0· 197·0 current·0 all-time
byAlien@alienhub
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included script and instructions: a small CLI that fetches mp.weixin.qq.com/s/ pages and extracts #page-content. No unrelated environment variables, binaries, or external services are requested.
Instruction Scope
SKILL.md restricts operations to running the local get_content.py script (preferred) and, only if that fails, using the agent's browser tool to navigate and snapshot the page. This stays within the stated purpose. Note: using the browser tool may cause the page and its resources to be rendered/handled by the platform's browser service (possible third-party exposure depending on the platform).
Install Mechanism
No automated install spec in the registry; the README/SKILL.md instructs users to pip install the listed Python dependencies (beautifulsoup4, certifi). This is proportionate and expected for a Python parsing script; nothing is downloaded from unknown/personal URLs.
Credentials
No credentials, secret environment variables, or config paths are requested. The script only uses standard HTTP requests + certifi and parses HTML—no disproportionate access is required.
Persistence & Privilege
Skill is not forced-always (always: false) and does not request persistent privileges or modify other skills. Autonomous invocation is allowed by default but is normal for skills and not combined with other red flags here.
Assessment
This skill appears to do exactly what it says: run the included Python script to fetch a WeChat article and extract the #page-content. Before installing/using: (1) run the script source locally to verify behavior; (2) pip install dependencies inside a virtualenv to avoid affecting your system Python; (3) be aware that falling back to the agent's browser tool may cause the page (and any content you request) to be rendered/handled by the platform's browser service—consider privacy of article contents and images; (4) if you need stricter guarantees, inspect/modify the script to limit what is fetched or to redact sensitive content before sending to the model.Like a lobster shell, security has layers — review code before you run it.
latestvk973gas2xcrnnw6et94n23pqvh82yk8m
License
MIT-0
Free to use, modify, and redistribute. No attribution required.