Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Article Scraper Pro

v1.0.0

A batch scraping tool for WeChat official account articles. It supports bulk retrieval of an account's historical articles, export to Markdown/HTML, and automatic extraction of cover images, tags, read counts and other data. It integrates the SkillPay payment interface and charges 0.001 USDT per call.

0· 70·0 current·0 all-time
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
The name/description (WeChat article scraper with paid usage) matches the included code and UI: the app exposes endpoints to create tasks, scrape (simulated) articles, store them in a local sqlite DB and export. Including a payment integration (SkillPay) is coherent with the stated per-use charge in the description. However, metadata declares no required environment variables or credentials while both SKILL.md and scripts/app.py embed a SkillPay API key and a Flask SECRET_KEY in plaintext — that mismatch (no declared credentials but secrets baked into the package) is unexpected and should be questioned.
Instruction Scope
SKILL.md instructs running the Flask app locally and includes the SkillPay API key inline. The runtime instructions and templates direct users to an external SkillPay billing/payment endpoint and to open external payment URLs. The app code enforces payment checks before most endpoints. There is no instruction to obtain or store user credentials, but the skill unambiguously transmits data to skillpay.me for billing. The SKILL.md also claims data is stored locally (true), but it exposes a payment API key in the repo which can be abused if it's valid.
Install Mechanism
This is an instruction-only skill with a code file and no install spec — no third-party install steps, no downloads from arbitrary URLs, and dependencies are standard Python packages. Risk from install mechanism is low. (Note: the code will create local data directories and write files when run, which is expected for this app.)
Credentials
The package declares no required env vars or primary credential, yet it hard-codes two secrets: SKILLPAY_API_KEY (a long sk_... key) and Flask SECRET_KEY inside scripts/app.py and exposes the API key again in SKILL.md. Hard-coding and publishing a private API key in distributed code is unsafe and disproportionate — either the key belongs to the skill author (so payments go to them) or it's a leaked/compromised credential. The skill does not ask for unrelated credentials, but the presence of embedded secret(s) and lack of guidance to replace them is a red flag.
Persistence & Privilege
The skill is not set to always:true and does not request any elevated platform privileges. It runs as a local Flask app and writes its own local sqlite DB and download folder under the skill directory — this is consistent with its purpose. There is no evidence it attempts to modify other skills or global agent config. The agent-autonomous-invocation default is unchanged and not by itself problematic.
What to consider before installing
Key issues to consider before installing/running:
- The repository and SKILL.md contain a plaintext SkillPay API key (sk_...) and a hard-coded Flask SECRET_KEY. Treat these as sensitive: if the key is valid it will receive payments/requests under the skill author's account. Do not assume those credentials are yours. Consider replacing the key with your own SkillPay credentials stored in environment variables before running.
- Metadata says no credentials are required, but the code includes secrets. Ask the publisher why. Prefer skills that require you to supply API keys via environment variables rather than shipping with embedded secrets.
- The app runs a Flask web server and writes a local sqlite database and download files under the skill directory. Run it in a sandbox or isolated environment (not exposed to the public internet) until you have reviewed the code fully.
- The SKILL.md/code contain some bugs and placeholder simulation (e.g., the scraper returns simulated articles). Expect the code to be untested; review and modify it before trusting it with real scraping workloads.
- If you plan to use the payment functionality, verify the SkillPay account/owner and consider using your own billing credentials. If the embedded API key is unexpected, do not send real payments via that endpoint.
- If you want higher assurance, request that the publisher provide: (1) a provenance/homepage and owner contact, (2) justification for any embedded secrets, or (3) a version that requires you to set SKILLPAY_API_KEY and SECRET_KEY via environment variables rather than hard-coding them.

Like a lobster shell, security has layers — review code before you run it.

Tags: article, latest, monetization, scraper, wechat
