Content Factory

Pass

Audited by VirusTotal on May 10, 2026.

Overview

Type: OpenClaw Skill
Name: jeff-content-factory
Version: 1.0.2

The skill bundle exhibits several high-risk security practices and vulnerabilities. SKILL.md contains instructions that force the AI agent to print sensitive API keys (Tavily and Brave) to the console/logs during environment verification. Additionally, scripts/create_default_cover.py contains hardcoded WeChat AppID and AppSecret credentials. The bundle also includes proxy server implementations (scripts/wechat_proxy_scf/index.py and wechat_proxy_server.py) designed to tunnel API traffic through external servers to bypass WeChat's IP whitelisting. While these capabilities align with the stated goal of a WeChat content factory, the intentional exposure of secrets in logs and the use of hardcoded credentials represent significant security flaws.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Your API keys could be exposed in the conversation transcript, terminal output, logs, or screenshots.

Why it was flagged

The setup check prints the full Tavily API key from the local credential store; the same pattern is shown for Brave. Verifying a credential should not reveal the secret value.

Skill content

python3 -c "import json; print(json.load(open('/root/.openclaw/credentials/tavily.json'))['api_key'])"

Recommendation

Change the check to verify file presence or make a test request without printing the key; mask all secret output.

What this means

Publishing or API calls could use an unintended WeChat account or leak real provider credentials included with the skill.

Why it was flagged

The documentation shows an actual-looking WeChat AppSecret and also describes hardcoded default credentials as a fallback.

Skill content

WECHAT_APP_SECRET=a6800143c0...; 5. Hardcoded default values (lowest priority), used only as a fallback

Recommendation

Remove all real/default secrets from the package, require user-supplied credentials only, and rotate any exposed keys.

Concern

Medium Confidence

ASI02: Tool Misuse and Exploitation

What this means

The agent may be able to publish drafts or media to a WeChat account if credentials are configured.

Why it was flagged

The publishing step can mutate a WeChat Official Account/public content surface, but the artifacts do not show a clear final approval gate immediately before publishing.

Skill content

3. Publish to the WeChat Official Account (including the cover image) ... python scripts/wechat_publish.py --html ... --cover ...

Recommendation

Require explicit user confirmation immediately before any publish/upload action and clearly distinguish draft generation from public posting.

What this means

Installation may fail or prompt ad-hoc package installation not reflected in the registry metadata.

Why it was flagged

The skill has a mandatory external binary/runtime dependency even though the registry says no required binaries and no install spec.

Skill content

yt-dlp tool is required for YouTube content extraction ... Provide installation command: pip install yt-dlp

Recommendation

Declare yt-dlp, Python package dependencies, and required credentials in metadata or installation documentation.