Markdown 发布为微信公众号草稿（wenyan-cli；主题、代码高亮）。公众号发布。

What to consider before installing: - Credentials: This skill needs your WeChat AppID and AppSecret. Provide them via environment variables rather than committing them to files in source control. The script will also try to read ~/.openclaw/workspace/TOOLS.md for these values—verify and sanitize that file if you rely on it. - Implicit global install: The included script will attempt to run 'npm install -g @wenyan-md/cli' if the wenyan CLI is missing. That will fetch and install code from the npm registry at runtime and modify global npm state. Only proceed if you trust @wenyan-md/cli and you are comfortable allowing a runtime global npm install (or preinstall wenyan-cli yourself in a controlled way). - Filesystem access: The script reads a fixed path (~/.openclaw/workspace/TOOLS.md). If you do not want code to read that file, ensure the file does not contain secrets or run the script with WECHAT_* env vars set and/or remove/lock that path. - Cross-skill behavior: The agent instructions call xqx-image-generator and require downloading generated images locally. Verify you trust the image-generator skill and audit any network activity that results from downloading images. - Operational safety: Run the tool in an isolated environment (container or dedicated machine) if you are unsure, and review the wenyan-cli project (https://github.com/caol64/wenyan-core or the cli repo) before allowing the skill to install dependencies or publish content. If you need higher assurance, modify the script to remove the implicit npm install and to fail rather than read TOOLS.md.