Skill v1.0.1

ClawScan security

wechat-article-explainer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 11, 2026, 11:49 AM)
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's code and instructions match its description: it fetches and summarizes WeChat (mp.weixin.qq.com) articles using requests or Playwright and does not request unrelated credentials or install arbitrary third-party binaries.
Guidance
This skill appears to do exactly what it claims, but take a few precautions before using it in production:
1) Inspect scripts/wechat_reader.py yourself (it's included) and confirm you are comfortable running it.
2) Install dependencies from official sources (pip and the official Playwright install) and be aware Playwright will download a browser binary.
3) Prefer running the script in a sandboxed environment (or without browser mode: --no-browser) if you are worried about untrusted page JavaScript or network access.
4) Only provide trusted mp.weixin.qq.com links; because the script will attempt any URL it's given, it could be used to probe internal services (SSRF) if the agent has network access to non-public hosts.
5) If provenance is important, ask the publisher for source/origin details; the registry metadata shows an owner id but no homepage.

Review Dimensions

Purpose & Capability
ok: The name/description, SKILL.md, requirements.txt, and scripts/wechat_reader.py are consistent: the skill fetches WeChat article pages and extracts title, author, date, and content. Required dependencies (requests and optionally playwright) align with the stated approach (direct HTTP or browser emulation). No unrelated environment variables or credentials are requested.
Instruction Scope
note: SKILL.md explicitly instructs running scripts/wechat_reader.py on mp.weixin.qq.com article URLs, which the code supports. However, the script does not strictly enforce the domain: if given an arbitrary URL it will attempt to fetch it. That means an attacker or a careless user could cause the agent to request arbitrary network endpoints (SSRF/probing). Also, using Playwright runs a full browser and executes page JavaScript from remote pages (normal for scraping, but it increases the attack surface). SKILL.md does warn about anti-leeching and suggests using browser mode or asking the user to copy content when the fetch fails.
Install Mechanism
ok: There is no automated install spec; dependencies are listed in requirements.txt. Installing Playwright requires an additional browser install step (playwright install chromium). All installs are from standard Python packages (pip). No downloads from obscure URLs or arbitrary extract operations are present in the package.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. The level of access requested (networking to fetch public web pages) is proportional to the stated purpose.
Persistence & Privilege
ok: 'always' is false and the skill does not request persistent platform privileges. It contains a runnable script but does not attempt to modify other skills or global agent settings.