Official Account Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill can help with drafts, but it asks for WeChat publishing/API authority and mass-send automation without clear scoping, and it promotes hiding AI authorship.

Treat this skill as a draft-writing aid only unless it adds clear account-permission declarations and mandatory final approval before any publish or mass send. Do not authorize WeChat API access or run missing helper scripts without reviewing them, and avoid using it to hide AI authorship in ways that could mislead readers or violate platform rules.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI02: Tool Misuse and Exploitation
High
What this means

The agent could publish or mass-send content to followers in a way that affects the user's public account and reputation.

Why it was flagged

This directs the agent toward public-account publishing and mass messaging, which are high-impact actions, but the artifacts do not clearly bound final approval, audience scope, reversibility, or a safe draft-only default.

Skill content
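Supports automatic publishing through the Official Account backend; scheduled push; automatic layout optimization; one-click mass send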
Recommendation

Use this only for draft preparation unless the skill adds explicit preview, per-post approval, audience confirmation, logging, and cancellation/rollback guidance.

ASI03: Identity and Privilege Abuse
High
What this means

Granting broad account/API access could let the agent operate a publishing account beyond the user's expectations.

Why it was flagged

The skill asks for WeChat Official Account login and API authorization, but the registry metadata declares no primary credential, required environment variable, config path, or scope boundary for that account access.

Skill content
Step 1: Log in to the Official Account - Scan the QR code to log in to the WeChat Official Accounts Platform - Authorize API access
Recommendation

Do not authorize the account until the skill clearly declares required credentials, exact API scopes, storage/handling rules, and requires user confirmation before any publish or mass send.

ASI09: Human-Agent Trust Exploitation
Medium
What this means

Readers may be led to believe AI-generated or AI-assisted content was fully human-written, creating reputational and compliance risk.

Why it was flagged

The skill explicitly promotes concealing AI authorship, and it pairs that with public-account publishing workflows, which can mislead readers or violate platform/content policies.

Skill content
Completely removes AI traces; it is impossible to tell it was written by AI
Recommendation

Use humanization for readability, not deception; avoid fabricated personal experiences and disclose AI assistance when required by platform rules or audience expectations.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

If a user later obtains or runs similarly named helper scripts, their behavior may differ from the reviewed artifact set.

Why it was flagged

These referenced helper scripts are not included in the supplied file manifest, so the claimed auto-publish and image-generation implementations are not reviewable here.

Skill content
`scripts/remove_ai_flavor.py` - AI flavor-removal script; `scripts/auto_publish.py` - auto-publish script; `scripts/generate_images.py` - smart image-generation script
Recommendation

Do not run additional scripts for publishing or image generation unless their source is included, reviewed, and pinned to a trusted version.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Unpublished article ideas or sensitive draft details could be shared with third-party image services.

Why it was flagged

If implemented, this feature may send article content or prompts to external image-generation providers; the artifacts do not define provider identity, retention, or data handling, although this is aligned with the stated image-generation purpose.

Skill content
Automatically generates illustrations based on article content; supports AI image generators such as DALL-E 3 and Midjourney
Recommendation

Avoid sending confidential drafts to image providers unless you understand and accept their terms, retention practices, and credential handling.

ASI06: Memory and Context Poisoning
Low
What this means

Draft titles and content may remain on disk after use and could be reused or viewed later.

Why it was flagged

The code stores created article records and draft content in a persistent local JSON file under the skill directory, which is expected for article management but should be visible to users.

Skill content
ARTICLES_FILE = DATA_DIR / "articles.json" ... data["articles"].append(article) ... json.dump(data, f, ensure_ascii=False, indent=2)
Recommendation

Do not store confidential drafts unless local retention is acceptable, and delete articles.json when you no longer need the saved drafts.