Skillv1.0.1

ClawScan security

发表微信公众号文章_无限 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

BenignApr 19, 2026, 12:32 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary: The skill is an instruction-only, UI-driven checklist for publishing WeChat Official Account articles and its declared requirements (no installs, no env vars, no credentials) match what the instructions ask the agent/user to do.
Guidance: This skill is basically a detailed, prescriptive checklist for manually publishing WeChat posts and is internally consistent. Before installing or letting an agent act on it, check two things: (1) if you expect the agent to read local Word (.docx) files, confirm which 'docx' skill or component will be used and that you trust it to access only the intended files; (2) the instructions involve interacting with your browser/UI — make sure you are comfortable with an agent being allowed to control or instruct UI actions and that it will not be given your WeChat credentials or other unrelated secrets. If you want extra safety, keep autonomous invocation off until you verify the skill’s behavior and the docx integration.

Purpose & Capability: okThe name/description claim a WeChat article publishing helper and the SKILL.md contents are detailed step-by-step UI instructions for that exact task. There are no requested binaries, environment variables, or installs that would be unrelated to publishing articles.
Instruction Scope: noteThe instructions are narrowly focused on interacting with the WeChat mp.weixin.qq.com publishing UI (clicking buttons, switching browser tabs, formatting text, inserting a cover image via the AI image menu). One minor inconsistency: some files state '使用docx技能读取文档' (use a docx skill to read Word documents) but this skill does not declare or require that other skill or any config path. If the agent will be granted access to local Word files (via a separate docx skill), that is expected for the stated purpose but worth verifying.
Install Mechanism: okNo install spec and no code files — the skill is instruction-only and does not download or install anything. This is the lowest-risk install profile.
Credentials: okThe skill does not request environment variables, credentials, or config paths. Nothing disproportionate is being requested relative to the claimed functionality.
Persistence & Privilege: okFlags are standard: always=false, user-invocable=true, model invocation allowed. The skill does not request permanent presence or system-wide configuration changes.