WeChat Article Extractor

The skill's core Python script (`scripts/extract_wechat.py`) is benign, performing local HTML parsing and Markdown conversion without network calls or arbitrary execution. However, the `SKILL.md` instructs the OpenClaw agent to use the `exec` tool with `curl` and `python3` commands, passing arguments derived from external sources (mirror URLs from `web_search` and article titles). If the agent's `exec` tool does not properly sanitize or quote these arguments, it could lead to shell injection, allowing arbitrary command execution. This represents a significant vulnerability (RCE risk) in the interaction between the skill's instructions and the agent's execution environment, classifying it as suspicious rather than malicious due to the lack of clear intentional harmful behavior from the skill's author.