Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
微信公众号文章生产SOP
v1.3.0微信公众平台文章全流程生产工具,涵盖选题、调研、撰写、去AI味、生成配图、HTML排版及提交草稿七个标准步骤。
⭐ 0· 93·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose (full WeChat article workflow including submitting drafts) is consistent with the shipped scripts (temp-convert.js, submit-draft.js, humanize/detect/style scripts) and npm dependencies (puppeteer). However the registry metadata lists no required environment variables or config paths while the SKILL.md explicitly requires WECHAT_APPID and WECHAT_APPSECRET to be stored in ~/.openclaw/env and instructs adding the server IP to WeChat's whitelist. That mismatch between metadata and runtime requirements is an incoherence that could surprise users.
Instruction Scope
SKILL.md contains detailed runtime instructions that stay within the stated purpose (collect, humanize, render HTML to images, and submit drafts). Two notable items: (1) it tells the agent to '立即使用此技能' when users mention article-related topics — a broad trigger phrase that may cause frequent/automatic invocation; (2) it mandates storing credentials in ~/.openclaw/env and running detection/humanize scripts every time. Both are within scope for the skill's goal, but give the skill broad discretion and require access to a credentials file — the agent or operator should confirm how those credentials are read and protected.
Install Mechanism
There is no platform-level install spec, but SKILL.md instructs running `npm install` in the skill folder. package.json depends on puppeteer and commander (both from npm). This is a typical Node-based install; note that puppeteer downloads browser binaries and may require Node >= 18 (some puppeteer/browser packages in package-lock indicate Node >=18). No external arbitrary download URLs or obscure installers were observed in the provided files.
Credentials
The SKILL.md legitimately requires WECHAT_APPID and WECHAT_APPSECRET (which are proportional to a skill that submits drafts via the WeChat API). However, the registry metadata advertised to the platform lists no required env vars nor required config paths — this is inconsistent. The SKILL.md also specifies a concrete filesystem location (~/.openclaw/env) for credentials, which implies the skill will read that file at runtime; the metadata should have declared this. The number and sensitivity of required secrets (AppSecret) are reasonable, but the omission from metadata is a red flag and should be corrected/verified. Also inspect submit-draft.js to confirm it only uses the WeChat API and does not send credentials elsewhere.
Persistence & Privilege
The skill is not marked always:true and does not request special system privileges. It does instruct adding the runtime server IP to the WeChat IP whitelist (expected for WeChat API calls). One operational note: SKILL.md tells the agent to 'immediately use' this skill when users mention related topics — combined with normal autonomous invocation this could lead to more frequent automatic activations than a user expects. This is behavioral (invocation scope) rather than an install-time privilege, but worth awareness.
What to consider before installing
This skill appears to implement the described WeChat article pipeline and ships scripts to humanize text, generate images, and submit drafts. However: (1) SKILL.md requires WECHAT_APPID and WECHAT_APPSECRET to be placed in ~/.openclaw/env, but the registry metadata does not declare those required env vars — confirm and correct metadata before installing. (2) Review scripts/submit-draft.js (and any network calls) to verify it only contacts the WeChat API and does not leak credentials to other endpoints. (3) npm install will pull puppeteer and many npm packages; ensure you run it in an isolated environment and are prepared for browser binaries (Node >=18 may be required). (4) Consider restricting automatic invocation: the SKILL.md's instruction to 'immediately use' on any article-related mention is broad — if you don't want the agent to run this skill automatically, disable autonomous invocation or require explicit user confirmation before submission. (5) Store AppSecret securely, run the skill on a server/IP you control (for WeChat IP whitelist), and rotate credentials after testing. If you want a higher confidence verdict, provide the full submit-draft.js source and confirm how environment variables are read at runtime.scripts/submit-draft.js:15
Environment variable access combined with network send.
scripts/submit-draft.js:24
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk9785gb2dfcskzdjhe1pwd9ve983m0e5
License
MIT-0
Free to use, modify, and redistribute. No attribution required.