Wechat Search Weread

Warn

Audited by ClawScan on May 16, 2026.

Overview

The skill’s WeChat article search workflow is coherent, but its WSL/CDP setup can leave a remotely reachable browser-control port and it uses a logged-in WeRead browser session.

Install only if you need WeRead-based WeChat article search. Use a dedicated browser profile, scan the WeRead QR code only when you requested the search, and be very cautious with the WSL commands that open and persist a CDP port/firewall rule; remove those rules after use.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If that port is reachable, another local or network process could drive the debug browser and potentially use its logged-in WeRead session.

Why it was flagged

The WSL setup publishes the CDP proxy on all interfaces and opens the Windows firewall. CDP is a browser-control interface, so this is broader than needed for a search-only workflow.

Skill content

listenport=9223 listenaddress=0.0.0.0 ... advfirewall firewall add rule ... localport=9223

Recommendation

Use a dedicated temporary browser profile, bind/permit the port only as narrowly as possible, and remove the firewall and portproxy rules after use.

What this means

A browser-control network route may remain configured after the search task is finished, increasing exposure if a debug browser is later running.

Why it was flagged

The documentation states the port-forwarding rule persists after reboot, but the provided artifacts do not include a cleanup or disable step.

Skill content

- **The port-forwarding rule persists after reboot**, so it only needs to be run once

Recommendation

Add and follow explicit cleanup commands for the portproxy and firewall rule, or avoid creating persistent rules.

What this means

The agent can operate through a logged-in account session, and the optional cookie-clearing step may affect more browser session state than just the intended WeRead login.

Why it was flagged

The skill requires a logged-in WeRead session and includes a CDP cookie-clearing command without a visible domain or browser-context filter.

Skill content

- WeRead is logged in ... 'method': 'Storage.clearCookies', 'params': {}

Recommendation

Scan the QR code only when you intentionally requested this search, use a dedicated browser profile, and prefer site-scoped session cleanup where possible.

What this means

During use, the agent will execute code that controls the browser page to collect article links.

Why it was flagged

The skill intentionally runs Python and browser-side eval through CDP. This is disclosed and purpose-aligned, but it is still powerful browser automation.

Skill content

Step 4 (extract URLs) uses Python + websockets in `execute_code` to connect directly to the page-level CDP WebSocket and extract them with a batch eval.

Recommendation

Use this only for the intended WeRead search workflow and avoid approving unrelated browser-control actions.

What this means

Dependency and provenance checks are less complete, so setup behavior depends on manual instructions rather than registry-enforced requirements.

Why it was flagged

The registry metadata does not declare installation requirements, while the docs depend on agent-browser and the script uses Python CDP/websocket tooling.

Skill content

Source: unknown ... Required binaries (all must exist): none ... No install spec

Recommendation

Install only from a trusted source, review the included files, and verify agent-browser and Python dependencies yourself.