Skill v1.0.3

ClawScan security

WeChat Post Skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 2:11 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's requirements and runtime instructions align with a WeChat article preparation and handoff workflow; it asks only for the expected WeChat credentials and delegates actual publishing to companion tools.
Guidance
This skill appears to do exactly what it says: prepare WeChat articles and hand them to a user-authorized publisher. Before installing or using it, confirm:
1) you control the WECHAT_APP_ID and WECHAT_APP_SECRET values and never paste them into chat;
2) any companion publisher you plan to use (for example baoyu-post-to-wechat) is audited/trusted and installed in your environment;
3) the agent will create an articles/ folder and image files in your workspace—ensure that's acceptable and the agent has only the filesystem access you intend;
4) if you rely on browser-based image generation or publishing, use the dedicated companion skills named in the manifest (gemini-browser-image, etc.) rather than expecting this skill to perform browser automation.
If those checks are acceptable, the skill is coherent and proportionate to its stated purpose.

Review Dimensions

Purpose & Capability
note
Name/description describe an article workflow for WeChat Official Accounts and the only required secrets are WECHAT_APP_ID and WECHAT_APP_SECRET, which is appropriate. Minor note: the declared anyBins requirement (bun or npx) is plausible (to run companion Node-based publishers) but not strictly documented in SKILL.md as required commands — this is a small mismatch but explainable.
Instruction Scope
ok
SKILL.md stays within scope: it drafts markdown, creates an article folder, prepares image placeholders, self-reviews content, checks for presence of required env vars, and hands off to a companion publishing tool. It explicitly forbids printing/storing secrets and disclaims that browser automation/image generation/publishing are out of scope and should use companion skills.
Install Mechanism
ok
Instruction-only skill with no install spec and no bundled code. No downloads or archive extraction are requested, which is the lowest-risk install profile.
Credentials
ok
Only WECHAT_APP_ID and WECHAT_APP_SECRET are required and WECHAT_APP_SECRET is marked primary — this is proportional to the described WeChat publishing handoff. No unrelated credentials or unusual config paths are requested.
Persistence & Privilege
ok
always is false, there are no privileged persistence requests, and the skill does not attempt to modify other skills or system-wide configs. Autonomous invocation is allowed by default but not combined with other red flags.