Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Tencent Channels (视频号) Publishing

v1.0.0

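Tencent Channels publishing. Uses browser automation to publish videos on the WeChat Channels (微信视频号) platform. Use this skill when the user says "发布视频到视频号" ("publish a video to Channels") or "发视频号" ("post to Channels").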

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The skill's name/description (publish to 微信视频号) matches the runtime instructions (open the platform URL, require WeChat QR login, upload a local MP4, fill title/description, set location/visibility, and publish). It explicitly expects an OpenClaw Chrome extension / Browser Relay for browser automation, but the registry metadata did not declare this dependency. That mismatch is a minor coherence issue (the instructions assume platform browser automation capability).
Instruction Scope
SKILL.md stays within the publishing task: it instructs opening the post creation URL, prompting the user to scan a QR code to log in, uploading a local video file, and filling form fields. It does not instruct the agent to read unrelated files, access system credentials, or transmit data to unexpected endpoints. Note: it instructs adding a specific phrase to the description and a fixed location ('苏州中心') which are content decisions but not security concerns.
Install Mechanism
Instruction-only skill with no install spec and no code files — minimal risk from installation. The SKILL.md relies on an existing browser automation facility (OpenClaw Chrome extension / Browser Relay) rather than installing new software; that reliance is documented only in the instructions.
Credentials
The skill requests no environment variables, credentials, or config paths. The workflow requires the user's WeChat scan for authentication and access to a local video file for upload — both are proportionate and expected for the task.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request permanent agent presence or elevated privileges. No instructions modify other skills or system-wide settings.
Assessment
This skill appears to do what it says: automate publishing a video to 微信视频号 using a browser automation extension. Before installing or using it: (1) Confirm your environment supports the referenced OpenClaw Chrome extension / Browser Relay — the skill assumes that but does not declare it in metadata. (2) Be prepared to scan the WeChat QR with your own account — the skill relies on your interactive login; do not share your WeChat credentials. (3) The skill will prompt you to upload a local video file — only upload content you intend to publish. (4) Review the description text it adds (the SKILL.md suggests inserting a joking phrase that reveals automation); edit that if you don’t want such text published. (5) If the skill later asks for unrelated secrets, system files, or to download/run external code, stop and investigate. Overall the skill is coherent with its purpose but verify the required browser automation capability is available before use.

Like a lobster shell, security has layers — review code before you run it.

Tags: latest, publish, video, weixin
