Skill v1.4.1
ClawScan security
创建公众号文章合集_无限 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Apr 19, 2026, 11:45 AM
- Verdict: benign
- Confidence: high
- Model: gpt-5-mini
- Summary: The skill's requested actions and requirements are consistent with its stated purpose (automating creation of a WeChat Official Account article collection). It requires controlling the user's browser session, which is necessary for the task but is sensitive, so proceed only if you trust the skill and the environment.
- Guidance: This skill is coherent for automating creation of a WeChat article collection, but it requires controlling your browser and will access session tokens visible in URLs. Only install if you trust the skill and the agent runtime. Recommendations before use: (1) test with a throwaway or low-privilege WeChat MP account, not with production credentials; (2) run it in an isolated browser profile that doesn't contain other logged-in services; (3) review platform logs for any unexpected network exfiltration, and do not enable 'always:true' or give unrelated credentials to the skill. If you need more assurance, ask the skill author how session tokens are handled and whether the agent ever transmits them outside the browser.
Review Dimensions
- Purpose & Capability: ok. The name/description match the instructions: all steps describe driving a browser to the WeChat MP (mp.weixin.qq.com) backend to create a collection. The skill does not request unrelated credentials or external services and does not attempt operations beyond creating a collection in the MP backend.
- Instruction Scope: note. The SKILL.md instructs the agent to start/control the host OpenClaw-managed Chrome, navigate to the WeChat MP root to extract a session token from the redirected URL, open pages, take snapshots, click refs, switch tabs and type into inputs. Those actions are within the stated purpose. Important caution: extracting and substituting the token requires access to a session token embedded in the browser URL (sensitive data). The instructions do not tell the agent to transmit that token externally, but an agent controlling the browser will have access to it; treat that as a sensitive capability.
- Install Mechanism: ok. This is an instruction-only skill with no install spec and no code files; nothing is downloaded or written to disk by the skill package itself, which minimizes installation risk.
- Credentials: note. The skill requests no environment variables or external credentials. However, it requires control of the host browser and will operate within your logged-in WeChat MP session (access to session tokens and UI). That level of access is necessary for the task but is sensitive; ensure the browser profile used does not expose other unrelated accounts or secrets.
- Persistence & Privilege: ok. 'always' is false and the skill does not request persistent/automatic system-wide privileges or modify other skills. Autonomous invocation is enabled (platform default), which is expected for skills that perform interactive browser actions; there is no explicit elevation of privilege in the package metadata.
