Skill v1.0.1
ClawScan security
WeChat Writing Workflow · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review: Mar 14, 2026, 6:36 AM
- Verdict: Review
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's description matches a WeChat publishing workflow, but the instructions and included files imply use of a WeChat AppID/AppSecret and external node/python tools that are neither declared nor delivered, so the package's declared requirements are incomplete and incoherent.
- Guidance: The workflow appears to do what it says (search, rewrite, format, publish), but there are important mismatches you should resolve before installing it or providing credentials:
  - Verify provenance: this skill's source and homepage are unknown. Confirm who 'academic-assistant' is and where the referenced node scripts (search_wechat.js, download.js, publish.js) and tools (wechat-publisher, wechat-toolkit, wenyan-cli) come from. The package does not include those node scripts.
  - Credentials not declared: the SKILL.md and helper script mention a WeChat AppID/AppSecret and an IP whitelist, but the manifest does not declare any required env vars. Do not provide a real AppID/AppSecret until you understand how and where they will be stored and used.
  - Inspect dependent tools: the instructions call external tooling that will fetch web content and publish to WeChat. Review the source of those tools (wechat-publisher, wechat-toolkit, wechat-mp-publish) to confirm they are trustworthy and do not exfiltrate data.
  - Legal/ethical risk: the workflow includes explicit '改写/洗稿' (rewrite / "article washing") steps. Automated scraping and aggressive rewriting can violate copyright or platform policies; assess the legal risk for your use case.
  - Test in a sandbox: run the skill in a controlled environment with dummy/test credentials and network monitoring to confirm its behavior before using production credentials.
  - Ask the publisher to update the manifest: request that the author declare the required environment variables (WeChat AppID/AppSecret), list the required binaries/tools, and include or link to the external node/python scripts so you can inspect them. If they cannot or will not provide these details, treat the skill as untrusted.
Review Dimensions
- Purpose & Capability (concern): The skill claims to orchestrate a WeChat writing/publishing workflow and references other skills (wechat-publisher, wechat-toolkit, wechat-mp-writer-skill); that purpose is plausible. However, the SKILL.md and script clearly expect WeChat credentials (AppID/AppSecret), CLI tools (node scripts such as search_wechat.js and download.js) and other tooling (wenyan-cli), while the registry metadata lists no required environment variables or required binaries. That mismatch is disproportionate and unexplained.
- Instruction Scope (note): Runtime instructions tell the agent to run external node and python commands to search, download, rewrite and publish articles (e.g., node search_wechat.js, node download.js, python wechat_publisher.py). Those operations (web scraping, content download, automated publishing) are consistent with the stated workflow, but the skill does not include the referenced node scripts and gives broad, actionable steps to fetch and publish content, including steps for 'AI 去痕迹/洗稿' (removing AI traces / "article washing", i.e. rewriting), which raises ethical and copyright concerns. The SKILL.md also references saving outputs to disk and scheduling publishes; the instructions do not read or require any unrelated system files, but they give the agent broad discretion to fetch and transmit external content.
- Install Mechanism (ok): There is no install spec (instruction-only with a small helper script). That is low-risk from an installation standpoint because nothing is downloaded or installed by the registry package itself. The included scripts are readable and not obfuscated.
- Credentials (concern): Although the registry metadata declares no required environment variables or primary credential, the SKILL.md and scripts explicitly mention a WeChat AppID and AppSecret, IP whitelists, and '已配置环境变量' (environment variables configured) in a checks list. The skill likely needs sensitive credentials to publish to WeChat, but those credentials are not declared in requires.env, and there is no description of how they should be provided or secured. This is a significant coherence gap and a potential security/privacy risk if users supply credentials without clarity on their storage and usage.
- Persistence & Privilege (ok): The skill is not marked always:true and does not request system-wide persistence or modify other skills. It is user-invocable and allows autonomous invocation (platform default), which is expected for skills. No elevated privileges are requested in the manifest.
