ClawHub

zhihu-to-wechat

v1.0.0

全自动知乎热榜选题 → IT科技风格公众号文章生成 → 自动配图 → 微信服务号发布工作流。 当用户提到"知乎热点"、"公众号文章"、"帮我写公众号"、"热榜选题"、"微信推文"、"IT科技文章"、 "发布公众号"等场景时,必须触发此skill。适用于科技博主、IT自媒体、技术内容创作者。

0· 402·1 current·1 all-time
by@dachenchen690-droid
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
SKILL.md and the included scripts clearly require WeChat credentials (WECHAT_APP_ID, WECHAT_APP_SECRET) and an image API key (Unsplash/Pexels). However, the registry metadata declares no required env vars or primary credential. The actual capabilities (calling WeChat APIs, uploading images, saving tokens) are consistent with the described purpose, but the manifest omission of these sensitive dependencies is an incoherence that could mislead users about what secrets are needed.
!
Instruction Scope
Runtime instructions tell the agent to 'collect the following information and save it in the dialog context' (including AppSecret). Storing secrets in conversation context is risky because chat context may be logged or visible to other systems; the scripts themselves expect credentials via env vars or CLI args. The instructions otherwise stay within scope (web search for research, fetch Zhihu hot list, generate article, fetch images, format HTML, call WeChat APIs).
Install Mechanism
There is no install spec (instruction-only), which limits automatic disk modifications by an installer, but the skill bundles four executable Python scripts that the agent will run. Those scripts perform network I/O and write a token cache file to the user's home. No external download URLs or package installs are used, reducing supply-chain risk, but executing included code still has the normal runtime risk.
!
Credentials
The credentials requested by the workflow (WeChat AppID/AppSecret and Unsplash/Pexels keys) are proportionate to the described functionality. However, the skill metadata does not declare these env vars or a primary credential, which is misleading. The scripts also support reading credentials from environment variables and recommend exporting them — this should have been reflected in the manifest. The number and sensitivity of credentials is reasonable for the purpose, but the handling (saving to chat context, caching tokens to disk) raises privacy concerns.
Persistence & Privilege
The skill does not request 'always: true' and does not modify other skills. However, wechat_publisher writes a token cache file to the user's home (~/.wechat_token_cache.json) and will download/upload image binaries. That file-based caching is persistent and was not declared in the manifest; users should be aware tokens will be stored on disk.
What to consider before installing
This skill appears to implement the advertised Zhihu→WeChat publishing workflow, but exercise caution before enabling it: 1) It requires sensitive credentials (WECHAT_APP_ID, WECHAT_APP_SECRET) and an image API key (Unsplash/Pexels). The registry metadata did not declare these — verify you are comfortable providing them. 2) The SKILL.md suggests saving secrets in the conversation context (not recommended). Prefer supplying credentials via environment variables or CLI args and avoid pasting AppSecret into chat history. 3) The publisher script caches the access token to ~/.wechat_token_cache.json — review and secure or delete that file if needed. 4) Because the skill executes bundled Python scripts that perform network downloads/uploads, review the scripts yourself or run them in an isolated environment (container/VM) before giving real credentials. 5) Confirm your WeChat service account has the required permissions and quotas, and be mindful of Unsplash/Pexels API rate limits. If you need higher assurance, ask the publisher to (a) update the manifest to list required env vars and primary credential, (b) remove the instruction to store secrets in conversation context, and (c) optionally provide a minimal audit or signed release of the code.

Like a lobster shell, security has layers — review code before you run it.

2025/3/6-releasevk973npq31640q6wcvzjmt0ka3d82dc7clatestvk973npq31640q6wcvzjmt0ka3d82dc7c
402downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@dachenchen690-droid
2025/3/6-releaselatest
Download

知乎热榜 → 微信公众号(IT科技风格)全自动发布

整体流程图

知乎热榜抓取 → 用户选题 → 内容研究 → 文章生成 → 自动配图 → 排版格式化 → 发布草稿

前置配置

用户首次使用时,收集以下信息并保存在对话 context 中:

参数说明获取方式
WECHAT_APP_ID服务号 AppID微信公众平台 → 设置与开发 → 基本配置
WECHAT_APP_SECRET服务号 AppSecret同上
UNSPLASH_ACCESS_KEY配图 API Keyhttps://unsplash.com/developers 免费注册
AUTHOR_NAME作者署名用户自定义

⚠️ 发布接口需要已认证的微信服务号,并开通"草稿箱"权限。

Step 1:抓取知乎热榜

运行脚本:scripts/fetch_zhihu.py

该脚本会:

  1. 请求知乎热榜 API(无需登录)
  2. 返回 Top 20 热榜话题,含标题、热度值、链接
  3. 标记 IT/科技/互联网相关话题(⭐ 推荐)

展示格式示例:

📊 今日知乎热榜(IT科技推荐)
━━━━━━━━━━━━━━━━━━━━
⭐ 1. 如何看待OpenAI发布o3模型? | 热度: 2341万
   2. 特斯拉Cybertruck续航测评 | 热度: 1876万
⭐ 3. 国内大模型2024年现状盘点 | 热度: 1654万
...

请选择 1-3 个话题(如:1,3):

等待用户选题后进入 Step 2。

Step 2:内容深度研究

针对用户选定的话题,使用 web_search 工具并行搜索:

搜索策略:

话题关键词 + "最新进展"
话题关键词 + "技术分析"
话题关键词 + "数据 报告 2024"
话题关键词 + site:zhihu.com

提炼要点(传给 Step 3):

  • 核心事件/结论(3-5条)
  • 关键数据/数字(增强可信度)
  • 技术背景说明(IT 读者预期有一定基础)
  • 争议点 / 不同观点(提高互动性)
  • 延伸影响(读者最关心的"对我有什么影响")

Step 3:生成 IT 风格公众号文章

参考模板:assets/it_article_template.md

IT 科技文章写作规范

标题公式(三选一):

  • [重磅] XXX,技术圈炸了
  • 深度 | XXX背后,我们看到了什么
  • XXX:一文搞懂,附完整技术解析

文章结构(1500-2500字):

[封面图占位]

▌ 导读(50字内,制造紧迫感/好奇心)

## 一、事件速览

[用3-4句话交代背景,适合快速浏览]

## 二、技术解读

[核心内容,深入但不晦涩,多用类比]
[穿插数据图表描述]

[配图1占位:技术架构/产品图]

## 三、行业影响

[对开发者/企业/普通用户分别的影响]

## 四、专家观点

[引用知乎高赞观点,标注来源]

[配图2占位:数据图/趋势图]

## 五、写在最后

[个人观点 + 引导评论的问题]
[关注/转发引导]

IT 写作风格要点:

  • 用「我们」拉近距离,避免「笔者」
  • 专业词汇后加简短解释(括号内),如:LLM(大语言模型)
  • 多用小标题、加粗,方便碎片化阅读
  • 数字用阿拉伯数字,增强冲击感
  • 结尾必有互动问题,引导留言

Step 4:自动配图

运行脚本:scripts/fetch_images.py

配图策略:

  1. 封面图:根据文章主题,搜索高质量横版图(16:9)
  2. 配图1:技术相关图(服务器/代码/芯片等)
  3. 配图2:数据/趋势图风格图

图片来源优先级:

  1. Unsplash API(需 API Key,免费高清)
  2. Pexels API(备选,同样免费)
  3. 关键词 web_search 图片搜索(最后备选)

返回图片 URL 列表,插入文章对应位置。

Step 5:HTML 排版生成

运行脚本:scripts/format_article.py

生成符合微信公众号的 HTML,特点:

  • 内联样式(微信编辑器不支持外部 CSS)
  • 渐变色标题装饰(科技感蓝紫色系)
  • 代码块特殊样式
  • 引用块样式
  • 自适应图片

参考样式规范:references/wechat_html_style.md

Step 6:上传配图并发布草稿

运行脚本:scripts/wechat_publisher.py

流程:

  1. 获取 Access Token(自动刷新)
  2. 上传封面图到微信素材库 → 获取 thumb_media_id
  3. 上传正文配图 → 替换文章中的图片 URL 为微信 CDN 地址
  4. 调用草稿接口创建草稿
  5. 返回草稿 media_id,提示用户前往公众号后台预览发布

最终提示:

✅ 草稿已创建成功!
📝 media_id: xxxxxxxxxxxx
🔗 请前往微信公众平台 → 草稿箱 → 预览后发布
   https://mp.weixin.qq.com

错误处理

错误原因解决方案
40001 invalid credentialToken 过期脚本自动重新获取
45009 reach max api daily quota日调用超限明日重试
48001 api unauthorized未开通接口权限公众平台申请接口
知乎请求被拦截频率限制脚本内置随机延迟

快速开始

用户说"帮我写一篇知乎热点公众号文章"时,执行:

  1. 直接运行 Step 1 展示热榜
  2. 等用户选题
  3. Step 2-6 自动流水线执行
  4. 每步完成后简短告知进度

读取参考文件了解更多:

  • references/wechat_api.md — 微信API完整参数说明
  • references/wechat_html_style.md — HTML排版样式规范

Comments

Loading comments...