Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Baoyu Post To Wechat

v1.89.2

Posts content to WeChat Official Account (微信公众号) via API or Chrome CDP. Supports article posting (文章) with HTML, markdown, or plain text input, and image-tex...

⭐ 0· 1.3k·50 current·50 all-time

byJim Liu 宝玉@jimliu

MIT-0

Download zip

LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

medium confidence

✓

Purpose & Capability

Name/description align with the bundled scripts: there are explicit scripts for browser CDP automation, API posting, markdown → WeChat HTML conversion, clipboard handling, and first-time setup. Declared runtime bins (bun or npx) are appropriate for running the included TypeScript/Node scripts.

ℹ

Instruction Scope

SKILL.md instructs the agent to run the local scripts, read/write EXTEND.md and optionally .env files, and to automate Chrome (open editor, paste HTML, replace image placeholders) using clipboard and synthetic keystrokes. All of this is coherent with the stated purpose, but these instructions give the skill the ability to control the user's browser session, read project/home config, and perform OS-level clipboard/keystroke operations — higher privilege than a pure API-only poster.

✓

Install Mechanism

There is no external install spec; all code is bundled in the skill (no downloads from untrusted URLs). Scripts are run via bun or npx; npx may transiently fetch packages (typical behavior). No remote installers or opaque archive extraction was found in the provided manifest.

ℹ

Credentials

Registry metadata lists no required env vars, which is reasonable because API credentials are optional and managed via EXTEND.md or .env files. The code does read environment variables such as WECHAT_BROWSER_CHROME_PATH, BAOYU_CHROME_PROFILE_DIR / WECHAT_BROWSER_PROFILE_DIR, and looks for WECHAT_APP_ID in .baoyu-skills/.env; these are relevant to browser automation and API publishing. Requesting AppID/AppSecret for API posting and a Chrome profile path for browser posting is proportionate, but users should be explicit about where they store credentials.

Persistence & Privilege

The skill will create and write EXTEND.md under project or user .baoyu-skills/, may create a Chrome profile directory, and automates an existing or new Chrome profile. If the skill is configured to use a non-isolated Chrome profile (i.e., your default profile), it can interact with your main browser session and potentially modify it. The skill does not require 'always:true', but its runtime privileges (clipboard, keystrokes, profile access) are significant — users should prefer an isolated profile and review config paths before running.

Assessment

This skill appears to do what it says: convert markdown/HTML and post to WeChat either via the official API (requires AppID/AppSecret) or by automating Chrome and pasting content/images. Before installing or running it, consider the following: - Privileged actions: The skill automates the browser, sends keystrokes, and manipulates the system clipboard (macOS swift scripts, xclip/wl-copy on Linux, PowerShell on Windows). These are necessary for browser-based posting but are high‑privilege operations — run only on machines you control. - Chrome profile isolation: Configure a dedicated Chrome profile path (EXTEND.md chrome_profile_path or env var) to avoid the skill interacting with your main Chrome profile. If the skill uses your default profile it could change your browser state or use your logged-in sessions. - Credentials: API publishing requires WECHAT_APP_ID/WECHAT_APP_SECRET (stored in EXTEND.md or .env). Provide credentials only if you trust the code, and consider creating a dedicated testing account you can revoke. The skill will read .baoyu-skills/.env in project or home — check those files before running. - Review and audit: The repository includes all scripts locally (no hidden downloader). If you are not fully comfortable, inspect wechat-api.ts and the CDP scripts (wechat-browser.ts / cdp.ts / copy-to-clipboard.ts) to confirm endpoints and behavior. - Run checks first: Use the included check-permissions.ts to verify required tooling and to see whether profile isolation is detected. Prefer the API method where possible (fewer local side-effects). If you want lower risk, run this in a VM or sandbox, create an isolated Chrome profile, and use a disposable WeChat account for initial testing.

✗

scripts/cdp.ts:51