Skill v1.8.0

ClawScan security

Wechat Daily Article · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 28, 2026, 9:02 AM
Verdict
suspicious
Confidence
high
Model
gpt-5-mini
Summary
The skill's code and runtime instructions match its stated goal (auto-write & upload WeChat articles) but the package fails to declare required credentials and contains risky behaviors (disabled SSL verification, arbitrary image downloads), so proceed with caution and verify before granting secrets.
Guidance
This skill appears to implement what it claims, but there are important red flags to address before installing it or handing over credentials:

- Missing manifest declarations: the bundle uses WECHAT_APPID and WECHAT_APPSECRET to obtain a WeChat access token, and optionally FEISHU_APP_ID, FEISHU_APP_SECRET and FEISHU_USER_OPEN_ID for notifications, yet the registry metadata lists no required environment variables. Confirm this and require these variables to be declared before use.
- Secret exposure risk: provide only the minimal-scoped WeChat and Feishu credentials the skill needs. Prefer limited-scope service accounts and rotate keys after testing. Do not reuse high-privilege or account-wide secrets.
- Network and download behavior: the script downloads arbitrary image URLs (from sites suggested in SKILL.md) and then uploads the downloaded data to WeChat/Feishu. Run the skill in an isolated environment and validate image sources to avoid accidental malware downloads or copyright problems.
- SSL verification disabled: create_draft.py disables certificate verification when downloading images (ssl.CERT_NONE). This weakens transport security and can enable man-in-the-middle interception of those downloads. Insist that this be fixed (use the default SSL context with verification on) before trusting the skill with secrets.
- Inspect and audit the code: because the skill makes outbound network requests and handles secrets, review the included scripts (create_draft.py, feishu_sender.py) line by line, or run them in a sandbox, to confirm they only call the documented endpoints and do not send data anywhere else.

If you proceed: supply only the minimal credentials, test in an isolated account/agent, verify the SSL behavior, and require the publisher to update the skill manifest to declare the required env vars and a homepage/source for accountability.
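Two of the checks above (undeclared environment variables and disabled certificate verification) can be made mechanical before anyone hands the skill a secret. The following is an added example, not ClawHub's scanner and not the skill's own code: it parses the bundled scripts with Python's `ast` module, collects every `os.environ["X"]`, `os.environ.get("X")` and `os.getenv("X")` read, compares the result with the manifest, and flags `ssl.CERT_NONE`, `check_hostname = False` and `verify=False`. The manifest shape (`"requires": {"env": [...]}`) and the sample script text are constructed assumptions chosen to mirror the findings on this page; substitute the real files when auditing a bundle. Requires Python 3.9 or later.

```python
"""Static audit of a skill bundle: which environment variables do the scripts
read, are they declared in the manifest, and is TLS verification disabled?

Added example, not ClawHub's scanner and not the skill's own code. The manifest
shape ("requires": {"env": [...]}) and the sample script are constructed.
"""
import ast
import json

# Constructed stand-in for the bundle manifest: declares no env vars.
SAMPLE_MANIFEST = json.dumps({
    "name": "wechat-daily-article",
    "version": "1.8.0",
    "requires": {"env": []},
})

# Constructed stand-in for create_draft.py; only the patterns matter.
SAMPLE_SCRIPT = """
import os, ssl, urllib.request
APPID = os.environ["WECHAT_APPID"]
SECRET = os.getenv("WECHAT_APPSECRET")
FEISHU = os.environ.get("FEISHU_APP_ID")
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
def fetch(url):
    return urllib.request.urlopen(url, context=ctx).read()
"""


def _is_os_attr(node, attr):
    """True for an `os.<attr>` attribute access."""
    return (isinstance(node, ast.Attribute) and node.attr == attr
            and isinstance(node.value, ast.Name) and node.value.id == "os")


def _str_const(node):
    """The string value of a constant node, else None."""
    if isinstance(node, ast.Constant) and isinstance(node.value, str):
        return node.value
    return None


def env_vars_read(source):
    """Names read via os.environ["X"], os.environ.get("X") or os.getenv("X")."""
    names = set()
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Subscript) and _is_os_attr(node.value, "environ"):
            key = _str_const(node.slice)
        elif isinstance(node, ast.Call) and node.args and (
                _is_os_attr(node.func, "getenv")
                or (isinstance(node.func, ast.Attribute) and node.func.attr == "get"
                    and _is_os_attr(node.func.value, "environ"))):
            key = _str_const(node.args[0])
        else:
            continue
        if key:
            names.add(key)
    return names


def tls_findings(source):
    """(line, pattern) pairs where certificate verification is weakened."""
    found = []
    for node in ast.walk(ast.parse(source)):
        if isinstance(node, ast.Attribute) and node.attr == "CERT_NONE":
            found.append((node.lineno, "ssl.CERT_NONE"))
        elif (isinstance(node, ast.Assign)
              and isinstance(node.targets[0], ast.Attribute)
              and node.targets[0].attr == "check_hostname"
              and isinstance(node.value, ast.Constant) and node.value.value is False):
            found.append((node.lineno, "check_hostname = False"))
        elif isinstance(node, ast.Call):
            for kw in node.keywords:  # requests-style verify=False
                if (kw.arg == "verify" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is False):
                    found.append((node.lineno, "verify=False"))
    return sorted(found)


def audit(manifest_json, scripts):
    """scripts: {filename: source}. Returns undeclared env vars and TLS findings."""
    declared = set(json.loads(manifest_json).get("requires", {}).get("env", []))
    used = set().union(*(env_vars_read(src) for src in scripts.values()))
    return {
        "undeclared_env": sorted(used - declared),
        "tls": {name: tls_findings(src) for name, src in scripts.items()},
    }


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_MANIFEST, {"create_draft.py": SAMPLE_SCRIPT}), indent=2))
```

On the constructed sample the audit reports three undeclared variables and two TLS findings on lines 7 and 8 of the script. Pattern matching on the AST catches the obvious forms only; a script that builds variable names dynamically or wraps `ssl` in a helper still needs the line-by-line review the guidance calls for.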

Review Dimensions

Purpose & Capability
concern: The skill's stated purpose (generate WeChat articles and upload drafts) aligns with the included scripts (create_draft.py uploads images and creates a WeChat draft). However, the skill registry metadata declares no required environment variables or primary credential, while the included code clearly expects WECHAT_APPID and WECHAT_APPSECRET (and optionally FEISHU_APP_ID, FEISHU_APP_SECRET and FEISHU_USER_OPEN_ID). Omitting these required secrets from the manifest is an inconsistency and a security and operational risk.
Instruction Scope
note: SKILL.md stays within the declared workflow (search hotspots, write HTML, find images, save to /tmp, run create_draft.py). It instructs the agent to download arbitrary image URLs and upload them. That is consistent with the purpose, but it grants the skill the ability to fetch arbitrary external content and pass it to the platform. The script also uses platform-specific paths (/root/.openclaw/...), which assume a particular agent filesystem layout.
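The note above leaves the image-fetch step unconstrained. One way to constrain it, as an added example that is not the skill's own code: refuse any URL that is not https on an allowlisted host, and confirm by magic bytes that the downloaded payload is actually an image before it is uploaded to WeChat or Feishu. The allowlist hosts and the sample byte strings below are constructed for illustration; the sites SKILL.md suggests are not reproduced here, and the size cap is a placeholder rather than WeChat's real limit.

```python
"""Guard for the image-download step: allowlisted https hosts only, and the
fetched bytes must carry an image magic number before upload.

Added example, not the skill's own code. ALLOWED_IMAGE_HOSTS, MAX_IMAGE_BYTES
and the sample data are constructed assumptions.
"""
from urllib.parse import urlsplit

# Constructed allowlist; substitute the hosts your review actually approves.
ALLOWED_IMAGE_HOSTS = frozenset({"images.example.com", "cdn.example.net"})

MAX_IMAGE_BYTES = 10 * 1024 * 1024  # constructed cap, not a WeChat limit

# Leading bytes of the image formats we are willing to upload.
_MAGIC = (
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
)


def host_allowed(host, allowed=ALLOWED_IMAGE_HOSTS):
    """Exact match or subdomain of an allowlisted host (case-insensitive)."""
    host = host.lower().rstrip(".")
    return any(host == a or host.endswith("." + a) for a in allowed)


def check_image_url(url, allowed=ALLOWED_IMAGE_HOSTS):
    """Return (ok, reason) for a candidate image URL before any fetch."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "scheme must be https"
    if parts.username is not None or parts.password is not None:
        return False, "userinfo in URL"
    if not parts.hostname or not host_allowed(parts.hostname, allowed):
        return False, "host not in allowlist"
    if parts.port not in (None, 443):
        return False, "non-standard port"
    return True, "ok"


def sniff_image(data, max_bytes=MAX_IMAGE_BYTES):
    """Image type by magic bytes, or None if oversized or not an image."""
    if len(data) > max_bytes:
        return None
    for magic, kind in _MAGIC:
        if data.startswith(magic):
            return kind
    if data[:4] == b"RIFF" and data[8:12] == b"WEBP":  # RIFF container
        return "webp"
    return None


def accept_download(url, data):
    """Combined gate: URL policy first, then content sniffing."""
    ok, reason = check_image_url(url)
    if not ok:
        return False, reason
    kind = sniff_image(data)
    return (True, kind) if kind else (False, "payload is not a recognized image")
```

The URL check applies to the address the agent was given; if the HTTP client follows redirects, the final location must be re-checked (or redirects disabled) so an allowlisted host cannot bounce the fetch to an internal address. Sniffing magic bytes does not make an image safe to render, but it stops an HTML page or an executable from being uploaded as a picture.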
Install Mechanism
ok: No install spec; instruction-only with bundled scripts. No remote downloads during install. This is low install risk: the code ships in the skill bundle and runs on the agent only when invoked.
Credentials
concern: The manifest lists no environment variables, but the code reads multiple secrets: WECHAT_APPID and WECHAT_APPSECRET (required by create_draft.py) and FEISHU_APP_ID, FEISHU_APP_SECRET and FEISHU_USER_OPEN_ID (used by feishu_sender.py). Requesting these credentials is reasonable for the claimed functionality, but failing to declare them in requires.env is a significant mismatch and leaves it unclear which secrets the skill will access. Because two separate services (WeChat and Feishu) are involved, every credential should be declared explicitly.
Persistence & Privilege
ok: The skill is not always-enabled and does not request system-wide persistent privileges. It writes temporary files under /tmp and reads environment variables. It does not modify other skills or system configs. It does, however, make outbound network calls during normal operation, both to third-party APIs (WeChat, Feishu) and to arbitrary image URLs.