Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Article to Obsidian

v1.1.0

Save WeChat public account articles (微信公众号文章) as clean Markdown notes in Obsidian. Use this skill whenever the user shares a mp.weixin.qq.com link and wants...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description, required tools (curl, Node.js, optional obsidian CLI), and the scripts (fetch/parse/save) are coherent for saving WeChat MP articles to an Obsidian vault. No unrelated cloud credentials or weird binaries are requested.
Instruction Scope
SKILL.md instructs only the actions needed (curl → parse → save). However, the save script builds and execs a shell command that embeds the note content directly in the command line (obsidian create ... content="<content>"). The content is only minimally escaped (quotes and $), leaving other metacharacters (backticks, backslashes, newlines, etc.) that the shell will interpret — a potential command-injection vulnerability. The save fallback also searches the user's home directories for vaults and writes files to disk, which is expected but means the skill has write access to your notes.
Install Mechanism
No remote downloads or install steps; it's an instruction-only skill with local scripts. That lowers supply-chain risk — nothing is pulled from external URLs during install.
Credentials
The skill requests no environment variables or external credentials. It reads HOME/USERPROFILE to locate vaults and uses a local config.json for vault name/path — this is proportional to its function.
Persistence & Privilege
always:false and no attempts to modify other skills or system-wide agent settings. The skill does write a local config.json and saves notes into the user's vault (expected for this functionality).
Scan Findings in Context
[child_process_execSync] expected: The save script uses child_process.execSync to call the obsidian CLI, check for the binary (which obsidian), and run rm. Using child processes is expected to invoke obsidian-cli, but it must be done safely.
[shell_injection_vulnerable_obsidian_create] unexpected: The code embeds the note content into a shell command string passed to execSync with only minimal escaping (quotes and $). Backticks, backslashes, or other characters in article text or title could allow arbitrary shell execution. This is a security vulnerability, not required by the feature and should be fixed before running on untrusted input.
[fs_write_config_and_vault_files] expected: The scripts read/write config.json and write files into the Obsidian vault (direct write fallback). This is necessary for saving notes, but it means the skill will create files on your disk.
What to consider before installing
This skill appears to do what it says (fetch WeChat articles, convert to Markdown, save to Obsidian), but review and/or patch the save script before using it on real content. Specifically:
- The save script builds a shell command that embeds the note content; that can be exploited if an article contains special shell characters (backticks, etc.). Prefer a safe invocation (use execFile/spawn with argument arrays, or pass content via a temp file that the CLI reads) or sanitize/escape all shell metacharacters.
- Inspect scripts locally (scripts/save.mjs and where execSync is used) and test in a sandboxed environment first.
- Install and prefer obsidian-cli so the script doesn't need to guess vault paths; confirm the CLI call accepts content via a file or an argument array (safer) rather than inlined content.
- Because the skill writes files to your vault, don't give it access to any vault containing secrets you don't want modified.
If you want, I can point out the exact lines to change in save.mjs and suggest a safer implementation (execFile/spawn or temporary file + CLI argument).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/save.mjs:73 — Shell command execution detected (child_process).
