Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
odd-articles
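v1.0.0 · Unified content production and distribution pipeline. Material collection → drafting → layout → cover → WeChat Moments copy → multi-platform conversion → one-click distribution. Covers WeChat Official Account writing, 微贴图 carousel images, CNBlogs copy, Weibo copy, brand videos, and automated publishing via Chrome CDP.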
by Jacky Wei (@jackyhwei)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious · high confidence
Purpose & Capability
The README/SKILL.md describe an end‑to‑end article pipeline and multi‑platform publishing (WeChat, CNBlogs, Weibo, Douyin, Xiaohongshu, etc.), which is consistent with the included scripts. However the registry metadata claims no required env variables or credentials while SKILL.md and the code require many credentials (WECHAT_APPID/WECHAT_APPSECRET, CNBLOGS_TOKEN, paths for MD formatter, etc.). That mismatch between declared requirements (none) and the actual code/instructions is a coherence concern.
Instruction Scope
Runtime instructions and scripts instruct the agent to read and write local files (OUTPUT_DIR drafts/current.json, references/, local/.env), to fetch external URLs (WeChat article fetching, ModelScope image API), and to publish to external platform APIs. SKILL.md also describes '自动记录/自动识别' ("automatic recording/automatic recognition") of conversational material (auto-recording items from conversation), which broadens data collection. The instructions access environment variables and local config paths that were not declared in registry metadata.
Install Mechanism
There is no formal install spec (instruction‑only from registry), but the package includes many runnable scripts (Python/TypeScript/Bun). No remote downloads are performed by an install step, which lowers supply‑chain risk, but the code will be present on disk and is intended to be executed locally — review before running.
Credentials
The skill expects multiple credentials and local paths (WeChat app id/secret, CNBlogs token, MD formatter paths, etc.) even though the registry declares none. Additional concerns: generate_img.py includes a hardcoded ModelScope API key (embedded in the script), and wechat-api.ts reads/writes config and a token cache under the user's home (~/.config/wechat-api). These are reasonable for a publisher tool in principle, but the undeclared credential requirements and embedded key are disproportionate and risky.
Persistence & Privilege
The skill does not set always:true. It does create and use local persistent artifacts: browser profile directories for Chrome CDP, a token cache (~/.config/wechat-api/token-cache.json), and may create config files. It does not appear to modify other skills or system agent configuration, but it will store credentials/config in the user's home.
Scan Findings in Context
[hardcoded-api-key] unexpected: scripts/generate_img.py contains a hardcoded ModelScope API key (ms-c5105352-22dd-4be1-8e2d-e057ae27df8d). Embedding third‑party API keys in distributed code is unsafe and unexpected; this key may be leaked or abused and should be removed.
[tls-disable] unexpected: scripts/distribute/wechat-api.ts sets BUN_FETCH_OPTS = { tls: { rejectUnauthorized: false } }, disabling TLS certificate verification for WeChat API calls. This weakens transport security and can expose requests to man‑in‑the‑middle attacks — not appropriate for production credential uploads.
[reads-writes-user-config] expected: wechat-api.ts reads credentials from environment variables and a config file (~/.config/wechat-api/config.json) and writes a token cache under ~/.config. Persisting tokens locally is expected for an authed publisher, but users should be aware the skill will create/modify files in their home directory.
[launches-chrome-remote-debugging] expected: distribute CDP utilities spawn Chrome with --remote-debugging-port and create browser profile dirs. Using CDP to automate web publishing is consistent with the stated purpose, but it grants the skill the ability to control a local browser profile and interact with web content.
[exec-spawn-and-shell] expected: The code uses child process exec/spawn (spawnSync, execSync, npx/bun invocations) to run markdown conversion and start Chrome. This is expected for the tool's workflow but means scripts will execute subprocesses on the host — review before running.
What to consider before installing
What to consider before installing/running this skill:
- The skill’s description matches the code (it will fetch WeChat articles, convert Markdown, generate images, and publish to multiple platforms), but the registry wrongly lists no required credentials. Expect to provide real platform tokens (WeChat AppID/Secret, CNBlogs PAT, etc.) in local/.env.
- Review and remove the hardcoded ModelScope API key in scripts/generate_img.py; do not use the embedded key. Treat it as compromised and rotate/revoke if it's yours.
- The wechat-api implementation disables TLS verification for fetch calls — this is insecure. Do not run in production without fixing that (remove rejectUnauthorized:false).
- The skill will create and use local files under your home (~/.config/*), and will launch Chrome with a custom profile and remote debugging. If you run it, consider using an isolated environment (container, dedicated user account, or VM) rather than your primary workstation.
- Audit local/.env and any config files before running. Only provide credentials you intend to allow this tool to use, and prefer platform tokens with minimal scope. If possible, test in preview/dry‑run modes first.
- If you are not comfortable reviewing or modifying the code, do not run the publishing scripts with real credentials. If you proceed, remove the TLS bypass and the embedded API key first.

- scripts/distribute/cdp-utils.ts:285 - Shell command execution detected (child_process).
- scripts/distribute/distribute.ts:130 - Shell command execution detected (child_process).
- scripts/distribute/platforms/wechat.ts:56 - Shell command execution detected (child_process).
- scripts/distribute/wechat-api.ts:188 - Shell command execution detected (child_process).
- scripts/distribute/cdp-utils.ts:50 - Environment variable access combined with network send.
- scripts/distribute/wechat-api.ts:27 - Environment variable access combined with network send.
- scripts/distribute/cdp-utils.ts:487 - File read combined with network send (possible exfiltration).
- scripts/distribute/wechat-api.ts:83 - File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
