ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信公众号文章解析

v1.0.1

Extract metadata and content from WeChat Official Account articles. Use when user needs to parse WeChat article URLs (mp.weixin.qq.com), extract article info...

5· 1.6k·6 current·9 all-time
by苍何@freestylefly
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name, README, SKILL.md, and the included scripts all align: the code fetches mp.weixin.qq.com or weixin.sogou.com pages and parses metadata/content using cheerio and script parsing. Declared npm dependencies match the parsing/HTTP tasks.
!
Instruction Scope
The runtime code performs HTTP requests to arbitrary user-supplied URLs and parses page scripts. It constructs and runs new Function(...) on JavaScript extracted from page <script> tags to recover data (and recurses to follow transfer links). Executing code derived from remote pages is dangerous (can cause CPU/IO abuse or access globals) even if used to parse data; the SKILL.md does not warn about this or require sandboxing. The instructions don’t ask for extra credentials or system files, but the dynamic evaluation of untrusted content is scope-expanding.
Install Mechanism
No install spec is provided (instruction-only), but package.json and package-lock.json are included meaning a user will need to run npm install to use the code. The lockfile contains many transitive dependencies (some unexpected packages appear in the lockfile), but no direct download-from-URL or third-party install mechanism was found. Recommend running npm audit and installing in an isolated environment.
Credentials
The skill does not request environment variables, credentials, or system config paths. The code does not read process.env or other secrets. This is proportionate to the stated purpose.
Persistence & Privilege
The skill is not always-enabled and is user-invocable (normal). It includes a .claude/settings.local.json file that references an "enabledMcpjsonServers" value (cloudbase) and a flag to enable project MCP servers — this is a local config snippet and does not by itself escalate privileges, but it is unexpected metadata and worth reviewing if you run this in a managed Claude/agent environment.
What to consider before installing
This package generally does what it claims — it fetches WeChat article pages and extracts metadata — but it uses new Function(...) to execute JavaScript pulled from remote pages. That makes it risky to run on untrusted input because the evaluated code could be malicious or cause resource abuse. Before installing or running: 1) Review/grep the scripts for use of new Function / eval and consider replacing evaluation with safer static parsing where possible. 2) Run npm install and npm audit locally; pin dependencies and inspect transitive deps. 3) Run the skill inside an isolated sandbox/container with restricted network egress and limited CPU/memory. 4) Do not feed it URLs that contain sensitive tokens or that point to internal resources. 5) If you need stronger assurance, ask the author for a version that avoids executing remote JS or provide a minimal repro showing why evaluation is necessary. If you cannot sandbox it, treat it as high-risk.

Like a lobster shell, security has layers — review code before you run it.

latestvk971zpqkngg04yzyxbcvx47p8181fjf2wechatvk97bxvtybevyhcex9xqpszamh181fsbt

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments