Skill v1.0.0
ClawScan security
wechat-article-reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 18, 2026, 2:11 PM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill does what it says (fetch and parse public WeChat articles) and requires no credentials, but it performs outbound HTTP fetches and uses a naive substring check for mp.weixin.qq.com that could cause it to fetch attacker-controlled hosts (IP exposure / SSRF-like risk).
- Guidance: This skill appears to do exactly what it promises (fetch and parse public WeChat article pages) and does not request secrets, but it will make outbound HTTP requests to whatever URL you give it. Before installing/using: 1) be aware that the agent’s network identity (IP, headers) will be revealed to the remote host; 2) the script validates links by substring, not by parsing the hostname — a malicious URL that merely contains "mp.weixin.qq.com" could be fetched instead of a real WeChat page (consider an attacker-crafted link); 3) if you need to restrict risk, run this skill in a network‑isolated environment or add a validation step (verify URL scheme is https and netloc equals mp.weixin.qq.com, follow a safe redirect policy); 4) don’t feed internal or sensitive URLs to the skill. If you want, I can suggest a small code change to strictly validate the hostname and reduce SSRF/IP‑leak risk.
Review Dimensions
- Purpose & Capability: ok. Name/description match the provided code and instructions: the script fetches an mp.weixin.qq.com URL and extracts title, author, time, and content. No unrelated binaries, env vars, or permissions are requested.
- Instruction Scope: concern. SKILL.md instructs the agent to run the included script when a WeChat article link is detected. The script performs outbound HTTP requests to the given URL and parses HTML. However, the URL check is a simple substring test ("mp.weixin.qq.com" in url) rather than validating the URL host; that can allow non-WeChat hosts containing that substring to be fetched. The runtime instructions also cause the agent environment to reveal its network identity to remote servers (agent IP, headers).
- Install Mechanism: ok. No install spec; this is an instruction-only skill with an included Python script. Nothing is downloaded from external installers or third‑party registries.
- Credentials: ok. No environment variables, credentials, or config paths are requested. The script operates using only standard library networking; that is proportionate to web-scraping its stated target.
- Persistence & Privilege: ok. Skill is not always-enabled and does not request elevated or persistent platform privileges. It does not modify other skills or system settings.
