v1.0.0

WeChat RSS

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:32 AM.

Analysis

This skill appears to do what it says—fetch WeChat RSS articles through wcrss.com—but users should notice that it uses an API key, sends requests to that service, summarizes external article content, and writes a local cache.

Guidance: Install only if you are comfortable giving the skill access to your wcrss.com API key and article feed data. Keep the API key scoped to wcrss.com, treat article bodies as untrusted text for summarization only, and clear the local cache if you do not want fetched article or publisher data to remain on disk.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agent Goal Hijack
Severity: Low | Confidence: High | Status: Note
SKILL.md
For each article, use the LLM to summarize the `content_html` into key points

Fetched article HTML is placed into the LLM context. This is necessary for summarization, but external article text could contain instructions that should not be followed as agent commands.

User impact: A malicious or unusual article could try to influence the assistant while it is summarizing.
Recommendation: Treat fetched article content as untrusted source material and only summarize it; do not follow any instructions embedded in the article body.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
scripts/wechat_rss.py
api_key = os.environ.get("WCRSS_API_KEY")

The script requires a wcrss.com API key from the environment and sends it as a Bearer token to the wcrss API; this is purpose-aligned, but it is still credential use.

User impact: The skill can access the wcrss.com account data available to that API key, such as the user's configured publishers/articles.
Recommendation: Use an API key intended only for wcrss.com access, keep it private, and revoke or rotate it if you no longer use the skill.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
scripts/wechat_rss.py
CACHE_FILE = "wechat_articles_cache.json"

The script writes fetched articles and publisher data to a local JSON cache that later commands read back for article retrieval.

User impact: Fetched article data and followed-publisher information may remain on disk and could be reused in later runs until the cache is cleared or replaced.
Recommendation: Run the skill in an appropriate working directory and clear the cache if the article list or followed-publisher data should not remain locally.