Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
wechat-article-reader
v1.0.0读取微信公众号文章内容,返回标题、公众号名、发布时间和正文。 使用场景:(1) 用户发来 mp.weixin.qq.com/s/xxx 链接要求阅读或总结, (2) 用户提到"微信文章"、"公众号文章"、"帮我看看这篇"并附带微信链接, (3) 需要提取微信公众号文章内容进行分析、翻译或摘要。 不适用于:搜索公众...
⭐ 0· 108·0 current·0 all-time
byMianPeng Zheng@ianen
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description match the provided code and instructions: the script fetches a mp.weixin.qq.com URL and extracts title, author, time, and content. No unrelated binaries, env vars, or permissions are requested.
Instruction Scope
SKILL.md instructs the agent to run the included script when a WeChat article link is detected. The script performs outbound HTTP requests to the given URL and parses HTML. However the URL check is a simple substring test ("mp.weixin.qq.com" in url) rather than validating the URL host; that can allow non-wechat hosts containing that substring to be fetched. The runtime instructions also cause the agent environment to reveal its network identity to remote servers (agent IP, headers).
Install Mechanism
No install spec; this is an instruction-only skill with an included Python script. Nothing is downloaded from external installers or third‑party registries.
Credentials
No environment variables, credentials, or config paths are requested. The script operates using only standard library networking; that is proportionate to web-scraping its stated target.
Persistence & Privilege
Skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system settings.
What to consider before installing
This skill appears to do exactly what it promises (fetch and parse public WeChat article pages) and does not request secrets, but it will make outbound HTTP requests to whatever URL you give it. Before installing/using: 1) be aware that the agent’s network identity (IP, headers) will be revealed to the remote host; 2) the script validates links by substring, not by parsing the hostname — a malicious URL that merely contains "mp.weixin.qq.com" could be fetched instead of a real WeChat page (consider an attacker-crafted link); 3) if you need to restrict risk, run this skill in a network‑isolated environment or add a validation step (verify URL scheme is https and netloc equals mp.weixin.qq.com, follow a safe redirect policy); 4) don’t feed internal or sensitive URLs to the skill. If you want, I can suggest a small code change to strictly validate the hostname and reduce SSRF/IP‑leak risk.Like a lobster shell, security has layers — review code before you run it.
latestvk975nvybe934gm3j55734f43t5834y8w
License
MIT-0
Free to use, modify, and redistribute. No attribution required.