ClawHub

wechat daily report

v1.0.0

微信群聊天记录日报图片生成工具。分析微信群聊天记录,结合 AI 生成内容,**最终输出为手机端分辨率的日报长图(PNG)**。

3· 1.3k·9 current·9 all-time
by@justao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The declared purpose (generate a WeChat group daily-report PNG) is plausible and matches the described workflow, but the SKILL.md requires running files (scripts/analyze_chat.py, scripts/generate_report.py, references/ai_prompt.md) that are not present in the package. That mismatch means the package as delivered cannot perform its stated job and may be relying on external code not shown here.
!
Instruction Scope
Runtime instructions tell the agent/user to analyze chat JSON, produce simplified_chat.txt and stats.json, have an AI produce ai_content.json per references/ai_prompt.md, then render a PNG using Playwright/Chromium. The instructions themselves do not attempt to access unrelated system paths or extra credentials, but they assume missing helper scripts and a missing prompt file — a significant scope/integrity gap. Also the skill processes personal chat logs (sensitive PII) which is expected but should be highlighted to the user.
Install Mechanism
There is no packaged install spec (instruction-only). SKILL.md instructs installing Python deps (jieba, jinja2, playwright) and running 'playwright install chromium' — a reasonable but impactful operation (downloads Chromium). Because no code is installed by the skill itself, the installation risk is limited to the user following those pip commands locally.
Credentials
The skill requests no environment variables, credentials, or config paths. That is proportionate to the stated functionality. However, the skill will process potentially sensitive chat data; the package provides no guidance about safe handling, retention, or where AI generation occurs (local LLM vs external API).
Persistence & Privilege
No 'always' privilege is requested, no installs or persistent background components are bundled. The skill is user-invocable and does not request autonomous/always-on presence.
What to consider before installing
Do not run or trust this package as-is. The SKILL.md references scripts (scripts/analyze_chat.py, scripts/generate_report.py) and references/ai_prompt.md that are missing — you must obtain and review those files before running anything. Because this workflow processes private WeChat group messages, verify the missing scripts do not exfiltrate data, call external endpoints, or upload logs to third parties. If you still want to use it: (1) ask the publisher for the missing scripts and ai_prompt.md and review them line-by-line for network calls and credential usage; (2) run installs (pip, playwright) in an isolated environment or container because playwright will download Chromium; (3) if AI calls are required, confirm which model/service is used and whether data is sent externally; (4) prefer local execution or audit any remote endpoints for TLS and ownership. If the author cannot provide the missing code or clear provenance, treat the skill as incomplete/untrusted.

Like a lobster shell, security has layers — review code before you run it.

latestvk97f9herkdtexeks6n4ypg3c61810kg4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments