v0.3.2

Sync and download articles from multiple WeChat public accounts

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 7:55 AM.

Analysis

This skill appears aligned with WeChat article syncing, but it deserves Review because it stores WeChat backend login state and can route authenticated fetching through user-configured proxies or messaging channels.

Guidance: Review this skill before installing if your WeChat public-account backend is sensitive. Confirm you trust the publisher, understand where login/session and downloaded article data are stored, use only trusted proxies, and double-check any notification target before syncing.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low, Confidence: High, Status: Note
scripts/sync_service.py
"openclaw", "message", "send", "--channel", str(channel).strip(), "--target", str(target).strip(), "--account", str(account).strip()

When notification parameters are supplied, sync progress is sent through the local OpenClaw messaging CLI. The command is constructed as an argument list rather than a shell string, and it matches the documented notification feature.

User impact: Progress or failure messages may be sent to the specified external channel or user.
Recommendation: Verify channel, target, and account values before running sync-all with notifications.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
requirements.txt
beautifulsoup4>=4.14,<5
requests>=2.32,<3
markdownify>=1.2,<2

The skill depends on Python packages with version ranges but no lockfile or hashes in the provided artifacts. This is common, but it leaves dependency resolution to the install environment.

User impact: Different installations could resolve to different dependency versions within the allowed ranges.
Recommendation: Install dependencies from trusted package indexes and consider pinning or reviewing exact versions in managed environments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High, Confidence: High, Status: Concern
SKILL.md
Log in to the WeChat public-account backend and save the login state

The skill explicitly uses and persists a WeChat public-account backend login session; this is high-impact account authority, and the provided metadata declares no primary credential.

User impact: Installing and using the skill may give the agent continued access to a logged-in WeChat public-account backend session for syncing and fetching account content.
Recommendation: Install only if you are comfortable granting that account access; use the least-privileged account available, know how to clear the login state, and confirm where session data is stored.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: Medium, Status: Note
SKILL.md
proxy-set ... --apply-article-fetch true ... --apply-sync true

The documented proxy can be applied to article fetching and syncing, which are tied to the logged-in WeChat backend workflow; an untrusted proxy could observe sensitive request traffic.

User impact: If you configure a third-party proxy, WeChat article-fetching or sync traffic may pass through it.
Recommendation: Use only a trusted/local proxy, avoid shared or unknown proxy endpoints, and disable proxy use when it is not needed.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
scripts/cli_args.py
p.add_argument("--download-images", type=parse_bool, default=True)
p.add_argument("--save", type=parse_bool, default=True)

Article details and images are saved by default in the visible CLI argument definitions, creating persistent local content that may be reused in later reports or tasks.

User impact: Fetched article content, images, and generated reports can remain on disk after a task finishes.
Recommendation: Treat saved article HTML/Markdown as untrusted content, review output locations, and delete retained data when it is no longer needed.