Skill v0.1.1

ClawScan security

WeChat Social Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review: Mar 13, 2026, 12:38 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's stated purpose (WeChat account automation) matches the credentials it asks for in SKILL.md, but the registry metadata omits those required secrets and the skill is instruction-only and incomplete — this mismatch and the suggestion to store credentials in plaintext are concerning.
Guidance
This skill claims to automate WeChat accounts and its SKILL.md asks for your AppID/AppSecret/Token; those are valid credentials for the claimed task. However, the registry metadata does not list any required secrets, which is inconsistent with SKILL.md; the integration is marked unimplemented; and the README suggests putting credentials into TOOLS.md (plaintext). Do not supply credentials until you verify how they will be used and stored: ask the developer how API calls are performed, whether secrets are stored encrypted or in a vault, request the actual implementation/source code, and prefer platform-managed secret fields over embedding credentials in files. If you must test, create a limited-scope/test WeChat account or API key and avoid using production credentials.

Review Dimensions

Purpose & Capability
note: The skill is for managing WeChat public accounts and friend-circle posts, and the SKILL.md requests WECHAT_APP_ID, WECHAT_APP_SECRET, and WECHAT_TOKEN; those credentials are appropriate for the claimed purpose. However, the registry metadata lists no required environment variables or primary credential, which is inconsistent with the instructions and reduces trust.
Instruction Scope
note: SKILL.md describes publishing, scheduling, analytics, and fan management and instructs users to provide WeChat credentials or add them to TOOLS.md. The instructions do not ask the agent to read unrelated system files or external secrets, but they are vague about how API integration will be performed (no endpoints, no auth flow, and many features are marked unimplemented). This ambiguity could lead to the agent asking for sensitive info without a clear, implemented backend.
Install Mechanism
ok: No install spec and no code files (instruction-only), so installation risk is minimal because nothing is downloaded or written by the skill itself. However, because the skill is not implemented, functionality depends on external integration that is not specified.
Credentials
concern: The SKILL.md requires AppID/AppSecret/Token, which are reasonable for WeChat API access, but the registry metadata does not declare any required env vars or primary credential (mismatch). The README suggests adding secrets into a TOOLS.md file (plaintext), which is insecure. The skill requests sensitive credentials without describing secure handling, storage, or scoping.
Persistence & Privilege
ok: The skill is not marked always:true and does not request persistent system-level privileges. As instruction-only, it does not modify other skills or system configs according to the provided files.
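The cross-checks behind the Purpose & Capability and Credentials dimensions (credentials named in SKILL.md that the registry metadata never declares, and instructions to write secrets into a plaintext file) can be scripted. The script below is an added example, not ClawHub's ClawScan code. It assumes a registry metadata layout of its own choosing (a dict with a `requires.env` list of declared env-var names and a `files` list of shipped code files), and the sample metadata and SKILL.md text are constructed to mirror this review.

```python
"""Added example (not ClawHub's scanner): cross-check a skill's declared
credentials against what its instruction files actually ask for.

Assumed metadata layout (not from the reviewed page): a dict with a
``requires`` -> ``env`` list of declared env-var names and a ``files``
list of shipped code files.
"""
import re
from dataclasses import dataclass

# Upper-case env-var style names ending in a credential-looking suffix.
SECRET_NAME = re.compile(
    r"\b([A-Z][A-Z0-9_]*(?:_APP_ID|_APP_SECRET|_TOKEN|_SECRET|_KEY|_PASSWORD))\b"
)
# "add/put/store ... <file>" where <file> is a plaintext document: an
# instruction to write credentials somewhere unencrypted.
PLAINTEXT_STORE = re.compile(
    r"\b(?:add|put|store|save|write)\b[^.\n]{0,80}?"
    r"(?<!\w)(TOOLS\.md|README\.md|\.env|[\w-]+\.txt)\b",
    re.IGNORECASE,
)
UNIMPLEMENTED = re.compile(
    r"\b(?:unimplemented|not (?:yet )?implemented|TODO)\b", re.IGNORECASE
)


@dataclass(frozen=True)
class Finding:
    status: str   # "ok", "note" or "concern", mirroring the review dimensions
    message: str


def referenced_secrets(text: str) -> set[str]:
    """Credential-style env-var names mentioned in instruction text."""
    return set(SECRET_NAME.findall(text))


def plaintext_stores(text: str) -> list[str]:
    """Files the text tells the user to write credentials into."""
    return sorted({m.group(1) for m in PLAINTEXT_STORE.finditer(text)})


def review_credentials(metadata: dict, skill_md: str, readme: str = "") -> list[Finding]:
    """Compare declared secrets with requested ones and flag plaintext storage."""
    declared = set(metadata.get("requires", {}).get("env", []))
    instructions = skill_md + "\n" + readme
    asked = referenced_secrets(instructions)
    findings: list[Finding] = []

    undeclared = sorted(asked - declared)
    if undeclared:
        findings.append(Finding(
            "concern",
            "instructions request " + ", ".join(undeclared)
            + " but registry metadata does not declare them"))

    stores = plaintext_stores(instructions)
    if stores:
        findings.append(Finding(
            "concern",
            "instructions tell the user to write credentials into plaintext file(s): "
            + ", ".join(stores)))

    if asked and not metadata.get("files"):
        findings.append(Finding(
            "note",
            "credentials requested but no code files are shipped; "
            "ask how API calls are made before supplying them"))

    if asked and UNIMPLEMENTED.search(instructions):
        findings.append(Finding(
            "note",
            "features are marked unimplemented; use a test account or "
            "limited-scope key only"))

    if not findings:
        findings.append(Finding(
            "ok", "declared and requested credentials agree; no plaintext storage advice found"))
    return findings


# Constructed sample mirroring this review: metadata declares no secrets and
# ships no code, while SKILL.md asks for three secrets and points at TOOLS.md.
SAMPLE_METADATA = {
    "name": "wechat-social-automation",
    "version": "0.1.1",
    "requires": {"env": []},
    "files": [],
}
SAMPLE_SKILL_MD = """# WeChat Social Automation
Provide WECHAT_APP_ID, WECHAT_APP_SECRET and WECHAT_TOKEN, or add them to TOOLS.md.
Publishing and fan management are available; scheduling and analytics are unimplemented.
"""

if __name__ == "__main__":
    for f in review_credentials(SAMPLE_METADATA, SAMPLE_SKILL_MD):
        print(f"{f.status:8}{f.message}")
```

Run against the constructed sample, the script reports two concerns (three undeclared secrets; TOOLS.md named as a plaintext store) and two notes (no shipped code; unimplemented features), which is the same picture the review above paints. A skill whose metadata declares the secrets it asks for, ships its code, and points users at a platform-managed secret field instead of a file produces a single "ok" finding.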