Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Aws Wechat Article Main
v1.0.0管理微信公众号从选题到发布的完整内容的固定流程,路由到各子能力。任何新任务执行时必须严格按这个流程顺序推进,选题 → 写稿 → 审稿(内容审) → 排版 → 配图 → 审稿(终审) →发布 ,且每一步完成是进入下一步的前提。当用户提到「公众号运营」「自动运营」「发篇文章」「内容规划」「怎么运营」「一条龙」「完整流...
⭐ 0· 31·0 current·0 all-time
by@bbd145
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (WeChat article orchestration) aligns with its files and scripts: it orchestrates sub-skills, manages config.yaml/article.yaml/aws.env, and runs validate_env.py. The listed dependency on sub-skills and the filesystem permission are expected for a local orchestration tool. However, registry metadata declares no required env vars/primary credential while the runtime clearly expects multiple secret keys in aws.env (writing/image model keys and WeChat AppID/AppSecret). That metadata omission is inconsistent and should be clarified.
Instruction Scope
SKILL.md instructs the agent to check the OS, run shell commands, inspect repository files, and execute scripts (validate_env.py, later publish.py). Those actions are within scope for a local publishing orchestrator. The skill explicitly forbids asking users to paste secrets into chat and directs secrets to a local aws.env file. One concern: references/first-time-setup.md includes an external configuration URL placeholder (https://config.com) and suggests the user could 'send the completed file' to the agent to write it into place — that could lead to users uploading secrets or sharing sensitive files; this is a risky instruction that is not necessary for the stated purpose.
Install Mechanism
No install spec (instruction-only plus supporting scripts) — lowest install risk. The included Python validation script is plain and reads local files; nothing in the package downloads or executes remote code during install.
Credentials
The script legitimately requires secrets (WRITING_MODEL_API_KEY, IMAGE_MODEL_API_KEY, WECHAT_{i}_APPID/APPSECRET) stored in a local aws.env for full functionality, which is proportionate to a publishing skill. However, the registry metadata lists no required env vars/primary credential, creating a transparency gap. Also the skill requires filesystem permission (skill.json) which enables reading aws.env; while necessary, this raises the usual secret-exposure risk and should be highlighted to users.
Persistence & Privilege
The skill is not marked always:true and allows normal autonomous invocation. It declares filesystem permission, which is reasonable for writing/reading config and article files. There is no evidence the skill modifies other skills or system-wide settings. Still, filesystem access combined with stored secrets increases blast radius if misused.
Scan Findings in Context
[permissions-filesystem] expected: skill.json lists "permissions": ["filesystem"], which is expected for a local orchestrator that must read/write config, drafts, and aws.env. It is legitimate but means the skill can access local secret files.
[external-config-url-placeholder] unexpected: references/first-time-setup.md mentions an external URL 'https://config.com' as a 'configuration platform' and suggests the user can 'send the completed file' to the agent to write it. This is a suspicious/incomplete placeholder that could encourage users to upload secrets or send confidential files to an external service or to the agent — not required for offline operation and should be removed or explained.
[yaml-import-requires-dep] expected: scripts/validate_env.py imports PyYAML (yaml). The script prints an instruction to pip install pyyaml if missing. Requiring PyYAML for parsing config is expected, but the package dependency is not declared in skill metadata.
What to consider before installing
This skill appears to be a legitimate local orchestrator for WeChat article workflows, but take these precautions before installing or enabling it:
- Do not paste AppSecret/API keys into chat. Keep secrets in a local aws.env file as the skill requests and edit files locally.
- The skill has filesystem access (expected) so it can read aws.env and other files — only enable it in environments where you trust the skill and agent runtime.
- Ask the maintainer to clarify the missing registry metadata: list the required env vars (WRITING_MODEL_API_KEY, IMAGE_MODEL_API_KEY, WECHAT_{i}_APPID/APPSECRET, etc.) and any Python package requirements (PyYAML). The lack of declared env vars is a transparency issue.
- Remove or verify the external URL 'https://config.com' in the docs. Do not upload secrets to unknown external services; prefer local configuration.
- Review the code of publish.py and other sub-skills before allowing this skill to run autonomously, especially if you intend to let it publish (published vs draft vs none). Consider running validate_env.py locally yourself to confirm behavior and ensure it only reads files and does not transmit secrets.
If you want, I can list the exact env keys the scripts look for and point to all files that will be read/written so you can audit them before enabling the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk978hge33fm2qcwckytbjqraw1840hht
License
MIT-0
Free to use, modify, and redistribute. No attribution required.