Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WeChat Article Writer
v2.4.1
End-to-end WeChat Official Account (微信公众号) article writing and publishing — from topic ideation to published article, with quality gates.
by Chunhua Liao (@chunhualiao)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (high confidence)
Purpose & Capability
The skill's functionality (WeChat API publishing, browser automation, AI image providers) legitimately requires credentials and system access (WeChat appid/appsecret, Z.AI/OpenRouter keys, ability to run browser/CDP). However the registry metadata declares no required environment variables, no config paths, and no primary credential while README/SKILL.md clearly reference ZAI_API_KEY, GLM_API_KEY, OPENROUTER_API_KEY and a secrets file (~/.wechat-article-writer/secrets.json). That mismatch (capability needs not declared) is incoherent and unexpected.
Instruction Scope
Runtime instructions tell the operator/agent to run scripts/setup.sh which installs runtimes and a persistent preview server (systemd wechat-preview.service, port 8898), write config.json and secrets file, persist pipeline-state.json (which can include wechat_token and editor IDs), and perform browser automation that extracts tokens from mp.weixin.qq.com and pastes HTML/images into the editor. These actions read/write local files, create services, and interact with external APIs (WeChat API, Z.AI/OpenRouter). The instructions therefore go beyond a simple formatter/authoring tool and include installing persistent services and handling sensitive credentials — yet those accesses are not declared in the skill metadata.
Install Mechanism
There is no formal install spec in the registry, but the bundled scripts include scripts/setup.sh which (per SKILL.md/CHANGELOG) will install bun, renderer dependencies and register a systemd preview server. All code is bundled in the skill (no external short URLs in the provided manifest), so installation is driven by a local script rather than a remote one-step download. Installing a systemd service is high-impact (requires privileges) — the mechanism is local script execution rather than a one-line package manager entry, which increases operational risk and should be inspected before running.
Credentials
The skill's docs require multiple credentials (ZAI_API_KEY, GLM_API_KEY, OPENROUTER_API_KEY and a WeChat appid/appsecret stored in a secrets.json file) and expect access to Chrome/CDP or the OpenClaw browser tool. The registry claims no required env vars or config paths. Requiring multiple unrelated API keys and writing a credentials file in the user home without declaring them is disproportionate and inconsistent with the published metadata.
Persistence & Privilege
The skill's setup installs a persistent preview server (systemd unit, auto‑restart) listening on port 8898 and persists pipeline-state.json and secrets under ~/.wechat-article-writer/. That is a persistent footprint on the host (service + disk storage of tokens). While 'always: false' is set, the skill still requests to create long‑lived system components and store sensitive tokens — a significant privilege and operational change that should be explicitly disclosed and approved.
What to consider before installing
What to check before installing or running this skill:
- Metadata mismatch: The skill bundle and docs expect WeChat API credentials and image-provider API keys (ZAI/OPENROUTER/GLM) and a secrets.json path, but the registry metadata declares no required env vars or config paths. Treat that as a red flag and ask the maintainer why the metadata is incomplete.
- Inspect the installer: Open scripts/setup.sh and scripts/publish_via_api.py before running. The setup script will install runtimes (bun), dependencies and register a systemd service (wechat-preview.service on port 8898). Installing services usually needs sudo and leaves a persistent network-facing component — only run if you trust the code or run it inside an isolated VM/container.
- Secrets handling: The skill writes/reads ~/.wechat-article-writer/secrets.json and pipeline-state.json which can contain the WeChat token/appid/appsecret. Prefer using a low‑privilege WeChat account or test account; do not supply production credentials until you’ve audited the code.
- Network calls and third parties: The skill will call external endpoints — WeChat APIs and third‑party image providers (Z.AI/OpenRouter). Confirm which hosts and endpoints publish_via_api.py and generate scripts call, and be aware of cost implications for image generation (doc lists providers and per-image cost).
- Prefer non‑privileged testing: If you want to try only formatting/preview functionality, avoid giving browser/CDP access or publishing credentials; run the renderer locally to produce formatted.html and serve it manually instead of running setup.sh.
- If you must run it: run setup in an isolated environment (container or disposable VM), review logs and network traffic, and verify the systemd unit content before enabling it. Ask the publisher to update the registry metadata to declare required env vars and config paths so permissions are explicit.
If you want, I can: (a) point out the exact lines in setup.sh and publish_via_api.py that create services or send credentials, (b) produce a minimal checklist of what to audit in those scripts, or (c) suggest a safer containerized install procedure.
Like a lobster shell, security has layers — review code before you run it.
