ClawHub

微信公众号文章爬虫

v1.0.0

微信公众号文章爬虫 - 将微信公号文章转换为 Markdown + 本地图片

0· 275·2 current·2 all-time
by@chenchaoqun
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description (WeChat article scraper → Markdown + local images) aligns with the included Python modules (fetching HTML, parsing with BeautifulSoup, downloading images, converting HTML to Markdown). Required dependencies (requests, beautifulsoup4, lxml) match the code.
Instruction Scope
SKILL.md instructs running the included scripts which will perform HTTP requests to the user-supplied article URL and download images. This behavior is expected for a scraper, but the code will fetch arbitrary URLs (user-supplied) and thus can access internal/external network resources if the agent has network access — consider this when running in environments with access to private networks.
Install Mechanism
No formal install spec is provided (instruction-only), but SKILL.md and scripts instruct running 'pip install -r requirements.txt'. The listed packages are standard and expected; pip installing raises the usual supply-chain considerations (packages come from PyPI). There are no downloads from untrusted URLs or extracted archives in the skill itself.
Credentials
The skill requests no environment variables or credentials and does not access system config paths. It writes Markdown and images to an output directory provided by the user (or a default).
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not persist credentials or change agent-wide settings. It simply writes output files to disk.
Assessment
This skill appears to do what it says: it fetches a WeChat article URL, downloads images, and writes a Markdown file and images locally. Before installing/running: (1) review the code yourself if you can; (2) be aware it will perform HTTP requests to whatever URL you provide — avoid giving internal/private URLs to prevent unintended network access (SSRF-like risk); (3) the default output directory calculation in main.py goes two levels above the script directory (it may write files outside the project), so explicitly provide a safe output directory when running; (4) pip installs the listed dependencies from PyPI — run that in a virtualenv or sandbox; and (5) if you need stricter guarantees, run the script in an isolated environment without access to sensitive networks or credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk97a564zbbyb1p6aqyjn4zx2s182v1e7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments