WeChat朋友圈营销 (WeChat Moments Marketing)
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill is coherent for making WeChat marketing posts, but it needs review because it opens an unauthenticated callback tunnel and relies on undeclared local API credentials and persistent QR settings.
Install only if you are comfortable giving the skill access to KIE/Seedream API keys and sending marketing prompt content to those providers. If using KIE callbacks, run the tunnel temporarily, add a secret or verification step if possible, and stop the server after generation. Review or reset stored QR-code settings before creating posts for different products or clients.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A local service may be reachable from the internet during generation, increasing exposure beyond normal document or image creation.
The skill directs the agent/user to start a background local callback server and expose it through a public tunnel as part of image generation, but the artifacts do not define authentication, allowed callers, shutdown, or approval limits.
python3 ${SKILL_DIR}/scripts/kie-callback-server.py &
cloudflared tunnel --url http://127.0.0.1:8787
Run the tunnel only when needed, stop it immediately after use, prefer localhost-only polling if possible, and add a secret callback path or token validation.
Anyone able to reach the callback URL could submit data that gets stored locally and may be mistaken for a real provider callback.
The callback handler saves POST headers and body content and returns success, with no visible signature, token, source, path, or payload validation.
"headers": {k: v for k, v in self.headers.items()},
"body": parsed,
...
self._reply(200, {"ok": True, "saved": stem})
Require provider signature verification or a random per-task secret, restrict accepted paths, set request-size limits, and avoid storing unnecessary headers.
A spoofed or corrupted callback could cause the skill to save the wrong file or download content from an unexpected URL.
The downloader trusts URLs from callback files and writes the downloaded content to the requested output path; paired with unauthenticated callbacks, poisoned callback data could propagate into local outputs.
result = json.loads(data['resultJson'])
url = result['resultUrls'][0]
download_url(url, output_path)
Verify callback authenticity, confirm the task ID came from the provider, allowlist expected result domains, and validate downloaded content type before saving.
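The validation layer the two callback findings above call for, as an added example that is not the skill's own code: a per-task secret checked in constant time, a fixed callback path, a body-size cap, a task-ID match, and an allowlist of result hosts applied before anything is downloaded. The header name, path layout and CDN host are assumptions, not values from the audited skill.

```python
"""Hardened callback validation for a KIE-style callback server (added example).

Assumptions (hypothetical, not from the skill): callbacks are POSTed to
/callback/<task_id>, the per-task secret travels in an X-Callback-Token
header, and the JSON body carries "taskId" and "resultJson" as the
skill's downloader expects.
"""
import hmac
import json
import secrets
from urllib.parse import urlparse

MAX_BODY_BYTES = 64 * 1024                      # reject oversized payloads early
ALLOWED_RESULT_HOSTS = {"example-cdn.invalid"}  # placeholder for the provider's CDN host(s)


def new_task_secret() -> str:
    """Random per-task secret, generated at submit time and sent to the provider only."""
    return secrets.token_urlsafe(32)


def validate_callback(path: str, headers: dict, body: bytes, task_id: str, task_secret: str):
    """Return (ok, reason). The body is untrusted until every check passes."""
    if path != f"/callback/{task_id}":                      # fixed, task-bound path
        return False, "unexpected path"
    token = headers.get("X-Callback-Token", "")
    if not hmac.compare_digest(token.encode(), task_secret.encode()):  # constant-time
        return False, "bad token"
    if len(body) > MAX_BODY_BYTES:
        return False, "body too large"
    try:
        data = json.loads(body)
    except ValueError:
        return False, "body is not JSON"
    if not isinstance(data, dict) or data.get("taskId") != task_id:
        return False, "task id mismatch"
    return True, "ok"


def allowed_result_url(url: str) -> bool:
    """Accept only https URLs whose host is on the allowlist."""
    u = urlparse(url)
    return u.scheme == "https" and u.hostname in ALLOWED_RESULT_HOSTS


def extract_result_url(body: bytes) -> str:
    """Parse resultJson the way the skill's downloader does, but refuse unlisted hosts."""
    result = json.loads(json.loads(body)["resultJson"])
    url = result["resultUrls"][0]
    if not allowed_result_url(url):
        raise ValueError(f"result URL host not allowlisted: {url}")
    return url
```

A callback handler would call validate_callback before writing anything to disk, store only the parsed body (not the raw headers), and pass the saved body through extract_result_url before download_url runs.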
The skill requires access to local provider credentials even though the metadata does not clearly present that requirement.
The script reads a local KIE API key and uses it as a bearer token. This is purpose-aligned for image generation, but the registry metadata declares no primary credential.
obj = json.loads(Path('/root/.openclaw/credentials/kie.json').read_text())
...
'Authorization': f"Bearer {cfg['api_key']}"
Declare the KIE and Seedream credential files in metadata, document required token scope, and keep those credential files readable only by the intended user.
A QR code preference from an earlier task could affect later poster generation if the user does not notice or reset it.
The skill persists QR-code settings and reads them on later runs, which can carry a personal QR path or preference across projects.
$HOME/.jeffli-skills/jeffli-wechat-post/qrcode_setting.txt
$HOME/.jeffli-skills/qrcode_setting.txt
...
Read priority on next run
Show the current QR setting before reuse, avoid global defaults for personal QR codes, and provide a clear reset/delete instruction.
Users may not realize they need additional tools, libraries, and provider credentials before the skill can run safely and predictably.
Although the artifacts present this as an instruction-only skill with no install spec, the package includes runnable scripts and workflow commands that depend on external tools and libraries, so the runtime/provenance contract is incomplete.
No install spec — this is an instruction-only skill.
Add an install spec or setup section that lists Python dependencies, cloudflared/curl requirements, credential files, and supported operating assumptions.
