Wechat Article Mulit Publisher
v1.0.2从 Markdown 文件或网页链接提取文章并发布到微信公众号。支持多账号管理、两种排版模板(standard/viral)、自动生成封面图和草稿发布。
⭐ 0· 87·0 current·0 all-time
byHyperCube@diwuwudi123
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description, SKILL.md, config.json, and the Python script all consistently implement publishing Markdown or webpage content to WeChat official accounts. The script uses WeChat API endpoints (token, media upload, draft/publish) and requires per-account app_id/app_secret in config.json — this matches the stated purpose.
Instruction Scope
Runtime instructions are limited to reading config.json, reading the provided article file or URL, rendering Markdown/HTML, uploading images and drafts to WeChat, and optionally listing/deleting drafts. The script will fetch remote URLs if given (expected for extracting articles) and will read local files the user passes; nothing in SKILL.md instructs the agent to read unrelated system files or to send data to third-party endpoints outside the documented WeChat APIs.
Install Mechanism
There is no automated install spec in the manifest, but SKILL.md advises running 'pip install -r scripts/requirements.txt'. The requirements are common libraries (requests, bs4, markdown, pyyaml, Pillow). Installing from PyPI is expected for a Python tool, but as with any pip install you should run it in a controlled environment (virtualenv) and review requirements if you are concerned.
Credentials
The skill requests no environment variables and declares no external credentials; instead it expects per-account app_id/app_secret stored in config.json, which is appropriate for WeChat API use. Storing secrets in a local JSON file is coherent but users should protect that file (do not commit app_secret to public repos).
Persistence & Privilege
The skill does not request persistent/always-on privileges. It is user-invocable and does not modify other skills or system-wide configurations. Autonomous invocation is default platform behavior but is not elevated here.
Assessment
This skill appears coherent with its description: it requires you to populate config.json with your WeChat AppID/AppSecret and will make network calls only to WeChat APIs and to any article URL you pass. Before running: (1) review the included scripts/publish_wechat.py (you already have it) to confirm it matches your expectations; (2) store app_secret in a secure place (or use file permissions) and do not commit it to source control; (3) run pip install in a virtualenv to avoid contaminating your system Python; (4) be cautious when feeding the tool arbitrary URLs (it will fetch and parse remote content); and (5) if you need stricter isolation, execute it in a sandbox or container. Overall the package is internally consistent and there are no signs of hidden exfiltration or unrelated credential requests.Like a lobster shell, security has layers — review code before you run it.
latestvk97b266qhk1w8ktn8wn9tm9bvs84cfe8
License
MIT-0
Free to use, modify, and redistribute. No attribution required.