Skill v1.0.0

ClawScan security

微信公众号文章爬虫 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign, Mar 13, 2026, 4:28 PM
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's files and runtime instructions match its stated purpose (scraping WeChat articles to Markdown and saving images locally). There are no unexplained credentials, external endpoints, or obfuscated code, but it will perform arbitrary network requests and write files to disk, so run it in a controlled environment and review the default output path before use.
Guidance
This skill appears to do what it says: it fetches a WeChat article URL, downloads images, and writes a Markdown file and images locally. Before installing/running: (1) review the code yourself if you can; (2) be aware it will perform HTTP requests to whatever URL you provide — avoid giving internal/private URLs to prevent unintended network access (SSRF-like risk); (3) the default output directory calculation in main.py goes two levels above the script directory (it may write files outside the project), so explicitly provide a safe output directory when running; (4) pip installs the listed dependencies from PyPI — run that in a virtualenv or sandbox; and (5) if you need stricter guarantees, run the script in an isolated environment without access to sensitive networks or credentials.

Review Dimensions

Purpose & Capability
ok: The name/description (WeChat article scraper → Markdown + local images) aligns with the included Python modules (fetching HTML, parsing with BeautifulSoup, downloading images, converting HTML to Markdown). Required dependencies (requests, beautifulsoup4, lxml) match the code.
Instruction Scope
note: SKILL.md instructs running the included scripts which will perform HTTP requests to the user-supplied article URL and download images. This behavior is expected for a scraper, but the code will fetch arbitrary URLs (user-supplied) and thus can access internal/external network resources if the agent has network access — consider this when running in environments with access to private networks.
Install Mechanism
note: No formal install spec is provided (instruction-only), but SKILL.md and scripts instruct running 'pip install -r requirements.txt'. The listed packages are standard and expected; pip installing raises the usual supply-chain considerations (packages come from PyPI). There are no downloads from untrusted URLs or extracted archives in the skill itself.
Credentials
ok: The skill requests no environment variables or credentials and does not access system config paths. It writes Markdown and images to an output directory provided by the user (or a default).
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and does not persist credentials or change agent-wide settings. It simply writes output files to disk.