v0.5.5

Research To Wechat

Review
ClawScan verdict for this skill. Analyzed May 1, 2026, 6:19 AM.

Analysis

This skill is coherent for creating WeChat drafts, but it can use WeChat credentials, authenticated browser access, and optional cross-platform distribution, so it should be reviewed carefully before installation.

Guidance: Install only if you want an agent to help create WeChat article drafts and possibly use account credentials or logged-in browser sessions. Keep WeChat delivery to draft-only, inspect drafts before publishing, avoid Phase 8 distribution unless you explicitly approve each platform action, and review any manual installer or project AGENTS files before use.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: Medium | Status: Concern
references/capability-map.md
`multi-platform-distribute` ... optional Phase 8 delivery to 小红书、即刻、小宇宙、朋友圈 ... execute platforms sequentially

The artifacts describe browser/API-based distribution to multiple public platforms, but do not clearly specify final human confirmation, draft-only behavior, or account/session limits for those platforms.

User impact: If Phase 8 is requested, the agent could post or otherwise distribute content through multiple user accounts, which may be public and hard to reverse.
Recommendation: Before enabling Phase 8, require a final approval step for each platform, confirm whether actions save drafts or publish publicly, and use separate logged-in browser profiles where possible.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
README.md
curl -fsSL https://raw.githubusercontent.com/Fei2-Labs/skill-genie/main/research-to-wechat/scripts/install-openclaw.sh | bash

The manual install path pipes a remote script from the mutable `main` branch into bash. It is user-directed documentation, not automatic execution, but users should inspect or pin it.

User impact: A manual installer run this way executes whatever script is served from that branch at install time.
Recommendation: Prefer ClawHub installation or inspect and pin the installer to a specific commit before running it.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium | Confidence: High | Status: Note
README.md
Official WeChat credentials for draft delivery: `WECHAT_APPID`, `WECHAT_SECRET` ... Save a draft ... Update an existing draft

The skill needs WeChat account credentials and can add or update drafts through the official account API. This is expected for WeChat draft delivery, but it grants account-level mutation authority.

User impact: If configured, the skill can upload media and create or update drafts in the user's WeChat Official Account.
Recommendation: Use dedicated, least-privileged WeChat credentials where possible, verify the generated draft before publishing, and avoid setting update targets unless you intend to modify an existing draft.

Identity and Privilege Abuse
Severity: Medium | Confidence: Medium | Status: Concern
references/capability-map.md
`source-ingest` use for: article URLs, video URLs, login-gated pages, delayed-render pages, PDF papers ... for generic URLs, use the browser tools to capture title, author, description, body, and image list

The skill may use browser tools to access login-gated pages and extract content, implying use of the user's authenticated browser/session context without clearly bounded account scope.

User impact: The agent may access and copy content from pages available only through the user's logged-in browser session.
Recommendation: Only provide URLs you are authorized to access, require explicit approval before using authenticated browser sessions, and review captured source material before reuse.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: Medium | Status: Note
references/execution-contract.md
Before rendering or uploading, read the project's `AGENTS.md` ... Walk through each section ... Fix all violations before proceeding

The skill imports local project instruction files into the delivery workflow. This is useful for project-specific style rules, but such files can influence behavior beyond the article if not treated narrowly.

User impact: Local project instructions may affect what the agent changes or blocks before rendering and uploading.
Recommendation: Review project AGENTS files before use and keep their rules limited to article style, HTML, image, and delivery requirements.