WeChat Moments Marketing
Pass
Audited by VirusTotal on May 8, 2026.
Overview
Type: OpenClaw Skill
Name: jeff-wechat-post
Version: 1.0.0
The skill bundle is a specialized tool for generating WeChat marketing content (copy and images) using the KIE and Seedream APIs. It includes a complete workflow for gathering user requirements, generating text, and creating professional posters with features like QR code compositing and background color correction. The included Python scripts (e.g., kie-callback-server.py, seedream_cover.py) are functional components required for interacting with external image generation services and handling asynchronous webhooks. No evidence of malicious intent, data exfiltration, or harmful prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A local service may be reachable from the internet during generation, increasing exposure beyond normal document or image creation.
The skill directs the agent/user to start a background local callback server and expose it through a public tunnel as part of image generation, but the artifacts do not define authentication, allowed callers, shutdown, or approval limits.
python3 ${SKILL_DIR}/scripts/kie-callback-server.py &
cloudflared tunnel --url http://127.0.0.1:8787
Run the tunnel only when needed, stop it immediately after use, prefer localhost-only polling if possible, and add a secret callback path or token validation.
Anyone able to reach the callback URL could submit data that gets stored locally and may be mistaken for a real provider callback.
The callback handler saves POST headers and body content and returns success, with no visible signature, token, source, path, or payload validation.
"headers": {k: v for k, v in self.headers.items()},
"body": parsed,
...
self._reply(200, {"ok": True, "saved": stem})
Require provider signature verification or a random per-task secret, restrict accepted paths, set request-size limits, and avoid storing unnecessary headers.
A spoofed or corrupted callback could cause the skill to save the wrong file or download content from an unexpected URL.
The downloader trusts URLs from callback files and writes the downloaded content to the requested output path; paired with unauthenticated callbacks, poisoned callback data could propagate into local outputs.
result = json.loads(data['resultJson'])
url = result['resultUrls'][0]
download_url(url, output_path)
Verify callback authenticity, confirm the task ID came from the provider, allowlist expected result domains, and validate downloaded content type before saving.
The skill requires access to local provider credentials even though the metadata does not clearly present that requirement.
The script reads a local KIE API key and uses it as a bearer token. This is purpose-aligned for image generation, but the registry metadata declares no primary credential.
obj = json.loads(Path('/root/.openclaw/credentials/kie.json').read_text())
...
'Authorization': f"Bearer {cfg['api_key']}"
Declare the KIE and Seedream credential files in metadata, document required token scope, and keep those credential files readable only by the intended user.
A QR code preference from an earlier task could affect later poster generation if the user does not notice or reset it.
The skill persists QR-code settings and reads them on later runs, which can carry a personal QR path or preference across projects.
$HOME/.jeffli-skills/jeffli-wechat-post/qrcode_setting.txt
$HOME/.jeffli-skills/qrcode_setting.txt
...
Read priority on next run
Show the current QR setting before reuse, avoid global defaults for personal QR codes, and provide a clear reset/delete instruction.
Users may not realize they need additional tools, libraries, and provider credentials before the skill can run safely and predictably.
No install spec — this is an instruction-only skill.
The package nevertheless includes runnable scripts and workflow commands that depend on external tools and libraries, so the runtime/provenance contract is incomplete.
Add an install spec or setup section that lists Python dependencies, cloudflared/curl requirements, credential files, and supported operating assumptions.
