Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wechat draft deleter

v1.0.0

Deletes drafts from a WeChat Official Account's draft box. Supports batch deletion of drafts by specified Media ID.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name and description (delete WeChat Official Account drafts) align with the shipped code: scripts/delete_drafts.py calls the official WeChat access_token and draft/delete endpoints. However, the registry metadata lists no required environment variables or credentials, while both SKILL.md and the script require WECHAT_APP_ID and WECHAT_APP_SECRET, so the declared metadata does not match the skill's actual needs.
Instruction Scope
Runtime instructions are narrowly scoped: they ask you to provide an AppID and AppSecret, read Media IDs from CLI arguments or a file, fetch an access_token, and POST to the official WeChat API. The instructions do not ask the agent to read unrelated system files or to send data to third-party endpoints. Concern: the README includes a usage example that sets concrete-looking AppID/AppSecret values rather than placeholders; if those are real credentials, they are leaked and grant access to the account.
Install Mechanism
install.sh installs one Python dependency (requests) via pip3, makes scripts/delete_drafts.py executable, and creates a symlink in /usr/local/bin. This is a typical local install, but it runs pip globally and writes to a system path. It performs no remote downloads from untrusted URLs, so the install is not high-risk; still, review it and run it in a controlled environment (or install inside a virtualenv).
Credentials
The skill requires WECHAT_APP_ID and WECHAT_APP_SECRET to operate (the script checks the environment variables and SKILL.md instructs setting them), but the registry metadata declares no required env vars; that is misleading. Additionally, the README example includes explicit AppID/AppSecret values; if those are actual credentials, they expose account access and should be treated as compromised (rotate or revoke them).
Persistence & Privilege
always:false and no autonomous elevation flags: good. The only persistence-like change is the symlink install.sh creates in /usr/local/bin, which is normal for CLI tools but modifies a system-wide directory and may require elevated permissions. There is no evidence the skill modifies other skills or system configuration beyond this.
What to consider before installing
This skill appears to do what it claims (delete WeChat draft items) and uses only the official WeChat endpoints, but take these precautions before installing:
- Metadata mismatch: the registry lists no required env vars, but the tool requires WECHAT_APP_ID and WECHAT_APP_SECRET; expect to provide those, and do not rely on registry metadata alone.
- Review the README for hard-coded example credentials. Treat any concrete AppID/AppSecret in examples as potentially leaked; if you or your org used them, rotate or revoke them immediately.
- Inspect install.sh before running it. It will pip install requests and create a symlink in /usr/local/bin; prefer installing inside a Python virtualenv to avoid global pip changes and reduce system impact.
- Run the tool against a test account first (not production) to confirm its behavior; draft deletes are irreversible.
- If you don't trust the source, skip install.sh; instead run scripts/delete_drafts.py directly from a checked-out copy after manual review.
If you want higher confidence, ask the publisher for a trusted repository URL or a signed release, and request that the required env vars be declared in the registry metadata.
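Two of the precautions above (the metadata/env-var mismatch and hard-coded example credentials) can be checked mechanically before anyone runs install.sh. The following is an added example written for this review, not code from the skill or from ClawHub: it scans an unpacked bundle given as a {path: content} map, compares the env vars the Python script reads against those the registry metadata declares, and flags credential-named variables assigned a non-placeholder value in docs. The metadata field name `env` and all file contents are constructed stand-ins, not the real skill's files.

```python
"""Pre-install review helper for a ClawHub-style skill bundle (example code).

Check 1: env vars the script reads via os.environ / os.getenv that the
         registry metadata never declares.
Check 2: README/SKILL.md lines that assign a concrete-looking value to a
         credential-named variable instead of a placeholder.
"""
import json
import re
from typing import Dict, List, Set, Tuple

# How a Python script pulls a value from the environment.
_ENV_READ = re.compile(
    r"""os\.(?:environ(?:\.get)?|getenv)\s*[\[(]\s*['"]([A-Z][A-Z0-9_]*)['"]"""
)
# Variable names whose values must never appear concretely in docs.
_CREDENTIAL_NAME = re.compile(r"(APP_?ID|SECRET|TOKEN|PASSWORD)$", re.IGNORECASE)
# `export NAME=value`, `NAME=value` or `NAME: value` lines in README-style text.
_ASSIGNMENT = re.compile(
    r"""^\s*(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)\s*[=:]\s*['"]?([^'"\s#]+)['"]?""",
    re.MULTILINE,
)
# Substrings that mark a value as an obvious placeholder rather than a real secret.
_PLACEHOLDER_HINTS = ("<", ">", "your", "xxx", "example", "placeholder", "...", "${", "changeme")

# Constructed stand-in for the unpacked skill (NOT the real skill's files).
SAMPLE_FILES: Dict[str, str] = {
    # Registry metadata that declares no env vars (the mismatch the scan reports).
    "skill.json": json.dumps({"name": "wechat-draft-deleter", "version": "1.0.0", "env": []}),
    # Stand-in for scripts/delete_drafts.py: reads both credentials from the environment.
    "scripts/delete_drafts.py": (
        "import os\n"
        'APP_ID = os.environ["WECHAT_APP_ID"]\n'
        'APP_SECRET = os.getenv("WECHAT_APP_SECRET")\n'
    ),
    # Stand-in README: one proper placeholder, one concrete-looking secret.
    "README.md": (
        "## Usage\n"
        "export WECHAT_APP_ID=<your-app-id>\n"
        'export WECHAT_APP_SECRET="0123456789abcdef0123456789abcdef"\n'
    ),
}


def env_vars_read(python_source: str) -> Set[str]:
    """Names the script reads with os.environ[...], os.environ.get(...) or os.getenv(...)."""
    return set(_ENV_READ.findall(python_source))


def env_vars_declared(metadata_json: str) -> Set[str]:
    """Names the registry metadata declares. Assumes a hypothetical `env` list field."""
    return set(json.loads(metadata_json).get("env", []))


def undeclared_env_vars(metadata_json: str, python_source: str) -> Set[str]:
    """Env vars the code needs but the metadata does not admit to."""
    return env_vars_read(python_source) - env_vars_declared(metadata_json)


def looks_like_placeholder(value: str) -> bool:
    """True for values such as <your-app-id> or ${WECHAT_APP_SECRET}."""
    lowered = value.lower()
    return any(hint in lowered for hint in _PLACEHOLDER_HINTS)


def concrete_credential_assignments(text: str) -> List[Tuple[str, str]]:
    """Credential-named variables assigned a value that is not an obvious placeholder."""
    hits: List[Tuple[str, str]] = []
    for name, value in _ASSIGNMENT.findall(text):
        if _CREDENTIAL_NAME.search(name) and not looks_like_placeholder(value):
            hits.append((name, value))
    return hits


def review_skill(files: Dict[str, str]) -> Dict[str, object]:
    """Run both checks over a {path: content} map of the unpacked bundle."""
    metadata = files.get("skill.json", "{}")
    scripts = [c for p, c in files.items() if p.endswith(".py")]
    docs = [c for p, c in files.items() if p.lower().endswith((".md", ".txt"))]
    missing: Set[str] = set()
    for src in scripts:
        missing |= undeclared_env_vars(metadata, src)
    leaked: List[Tuple[str, str]] = []
    for doc in docs:
        leaked.extend(concrete_credential_assignments(doc))
    return {"undeclared_env_vars": sorted(missing), "concrete_credentials": leaked}


if __name__ == "__main__":
    print(json.dumps(review_skill(SAMPLE_FILES), indent=2))
```

Against the stand-in bundle this reports both WECHAT_APP_ID and WECHAT_APP_SECRET as undeclared and flags the README's AppSecret line while accepting the `<your-app-id>` placeholder. The placeholder heuristic errs toward flagging: a value it cannot recognise as a placeholder is reported, which is the right default when the cost of a miss is a leaked account credential.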

Like a lobster shell, security has layers — review code before you run it.

latest: vk97cp245d92g5qgeqapjbgmcy5838b2r

