Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
"微信公众号草稿上传"
v1.0.0将本地 Markdown 文章上传到微信公众号草稿箱。当用户提到"上传文章到公众号"、"发布到微信公众号"、"推送到公众号草稿"等场景时应使用本技能。本技能通过调用微信公众平台 API,自动完成 Markdown 转 HTML、封面图生成/上传、创建草稿等全流程操作。
⭐ 0· 111·0 current·0 all-time
bySean zheng@cnspica
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The code (markdown → HTML, cover generation, upload to WeChat material API, create draft) matches the skill description. However, the repository contains a test runner (scripts/run_upload.py) that hard-codes AppID, AppSecret and an absolute path to a Markdown file — these embedded credentials are not required by the SKILL.md usage examples and are unexpected.
Instruction Scope
SKILL.md instructs only running scripts/upload_draft.py with CLI-supplied AppID/AppSecret and local file paths (appropriate). The included scripts read local Markdown and cover image files (expected). The presence of scripts/run_upload.py that overrides sys.argv and execs upload_draft.py means a user or automated tooling could accidentally run an upload using embedded credentials — this expands the effective scope if someone runs that file.
Install Mechanism
No install spec is provided (instruction-only style). The skill's code uses only standard Python libraries and optionally Pillow; there is no downloaded archive or third-party installer in the manifest.
Credentials
The skill does not request environment variables, and the runtime behavior expects AppID/AppSecret provided as CLI args (proportional). However, scripts/run_upload.py contains hard-coded credentials (AppID and AppSecret) and an absolute local path — embedding credentials in shipped code is a secret-leak risk and disproportionate to the stated purpose.
Persistence & Privilege
The skill does not request persistent/automatic inclusion (always:false) and does not modify other skills or system configuration. It only writes local files (HTML drafts) as part of normal operation.
What to consider before installing
This skill appears to implement the advertised WeChat draft upload flow, but exercise caution before installing/ running it. Key points:
- Do not run scripts/run_upload.py as-is. It hard-codes an AppID and AppSecret plus an absolute path; running it would use those embedded credentials. Treat those as accidental secrets. If those credentials are real, they should be revoked/rotated.
- Prefer running scripts/upload_draft.py manually and provide your AppID/AppSecret and file paths on the command line as documented in SKILL.md.
- Inspect and remove any hard-coded credentials from the repository. Search the repo for other secrets before use.
- The scripts contact only expected endpoints: the official WeChat API hosts (api.weixin.qq.com) and a placeholder image host (placehold.co). If you require fully offline operation, provide a local cover image and do not allow network access.
- Run in an isolated environment (or sandbox) the first time to confirm behavior and outputs, and review the saved draft_*.html files to verify no unexpected content is included.
If you can provide confirmation that the embedded AppID/AppSecret are dummy/test values, confidence would increase; if they are valid, treat this as a credential leak and rotate them immediately.Like a lobster shell, security has layers — review code before you run it.
latestvk9770pmhgzyswnzc6fznvg6r9h8397r0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.