v2.0.4

Wechat Articles Spider

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:32 AM.

Analysis

This is a disclosed WeChat crawler and payment skill, but it deserves review because it stores WeChat session cookies and automates crawling that its own docs say can get accounts banned.

Guidance: Review carefully before installing. Only use a WeChat account you are willing to risk, protect or delete the saved weixin_credentials.py file, verify the USDC receiving address and price before paying, and run the skill in an isolated directory or virtual environment with conservative crawl limits.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium | Confidence: High | Status: Concern
README.md
Remember, do not use an official account!!! because the account may get banned ... use random delays (5-15 seconds) to reduce the risk of detection

The documentation itself says the automated crawling may trigger detection and account bans, and it recommends behavior intended to reduce detection.

User impact: Using the skill can put the logged-in WeChat account at risk of enforcement or banning, especially if the agent runs large or repeated crawls.
Recommendation: Use only where you have permission, set conservative crawl limits, require explicit approval for large or scheduled crawls, and do not use an important production WeChat account.
Tool Misuse and Exploitation
Severity: Low | Confidence: High | Status: Note
SKILL.md
allowed-tools: Bash(python3:*) Read Write Edit

The skill can run Python commands and read/write/edit local files; this is expected for a local crawler but broader than a single narrowly-scoped command.

User impact: If invoked too broadly, the agent could run local Python code or modify files beyond the intended crawl output.
Recommendation: Keep the skill user-invoked, review commands before execution, and run it from a dedicated working directory.
Rogue Agents
Severity: Low | Confidence: High | Status: Note
spider_api.py
self.queue = AsyncTaskQueue()
self.queue.start_worker(self._do_crawl)

The API starts an asynchronous worker thread for queued crawls when the API object is initialized; this is disclosed as async processing, but the worker persists for the lifetime of the process.

User impact: Paid or queued crawls may continue in the background while the process runs rather than only at the immediate command prompt.
Recommendation: Monitor queued tasks, stop the process when work should end, and clear the queue data if you do not want pending tasks retained.
Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
requirements.txt
selenium>=4.0.0
webdriver-manager>=3.8.0
pandas>=1.3.0
wechatarticles>=0.1.0

The dependency install uses version ranges rather than pinned versions, including browser automation packages and an external WeChat article package.

User impact: Future dependency updates could change crawler behavior or introduce dependency risk.
Recommendation: Install in a virtual environment, pin and review dependency versions, and avoid entering WeChat credentials until dependencies are trusted.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: High | Confidence: High | Status: Concern
README.md
weixin_credentials.py: saves the token and cookie information for use on the next run (do not delete)

The skill persists WeChat token/cookie session material for reuse, giving durable access to a logged-in WeChat account even though the registry lists no primary credential.

User impact: A local session file could let the crawler continue using the WeChat account and could expose the account if the file is read or copied.
Recommendation: Use a separate low-risk WeChat account, restrict permissions on the credential file, delete it to revoke local access, and install only if persistent session storage is acceptable.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low | Confidence: High | Status: Note
quota_manager.py
self.user_file = os.path.join(DATA_DIR, f"{self.user_id}.json")

The skill stores per-user quota, subscription, usage, and payment-related state in local JSON files.

User impact: Local files may reveal wallet identifiers, crawled account names, usage history, and transaction hashes to anyone with access to the working directory.
Recommendation: Run the skill in a private directory, avoid sharing the data folder, and delete local user/task records when they are no longer needed.
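Both the credential-file finding and this one come down to the same local hygiene: the session file and the per-user JSON state must not be readable by other accounts on the machine, and the session file is the thing to delete when local access should end. The following added example, not code from the skill or from ClawScan, audits those paths, tightens them to owner-only modes, and removes the session file. It assumes a POSIX filesystem, takes the file name weixin_credentials.py from the README finding, and uses a directory named "data" as a stand-in for the skill's DATA_DIR, whose real value is not shown on this page; the fixture it builds is constructed for the demonstration.

```python
"""Audit and tighten permissions on the skill's local state.

Added example, not code from the skill or from ClawScan. Assumptions: a POSIX
filesystem, the session file name weixin_credentials.py quoted in the README
finding, and a directory named "data" standing in for the skill's DATA_DIR
(its real value is not shown on the review page).
"""
import os
import stat
import tempfile

CREDENTIAL_FILE = "weixin_credentials.py"   # name quoted in the README finding
DATA_DIR = "data"                           # assumption: real DATA_DIR not on the page


def is_private(path):
    """True when no group or other permission bits are set on path."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0


def _state_paths(workdir):
    """The session file plus every directory and file under DATA_DIR."""
    paths = []
    cred = os.path.join(workdir, CREDENTIAL_FILE)
    if os.path.exists(cred):
        paths.append(cred)
    data = os.path.join(workdir, DATA_DIR)
    if os.path.isdir(data):
        for dirpath, _dirs, files in os.walk(data):
            paths.append(dirpath)
            paths.extend(os.path.join(dirpath, f) for f in files)
    return paths


def audit_state(workdir):
    """Map each non-private state path (relative to workdir) to its octal mode."""
    return {
        os.path.relpath(p, workdir): oct(stat.S_IMODE(os.stat(p).st_mode))
        for p in _state_paths(workdir)
        if not is_private(p)
    }


def lock_down(workdir):
    """chmod directories to 0700 and files to 0600; return how many paths changed."""
    changed = 0
    for p in _state_paths(workdir):
        if not is_private(p):
            os.chmod(p, 0o700 if os.path.isdir(p) else 0o600)
            changed += 1
    return changed


def revoke_session(workdir):
    """Delete the saved session file so the crawler cannot reuse the account locally.

    Returns True if a file was removed. This only revokes local reuse; the
    server-side session is unaffected, so a copy that already leaked stays valid.
    """
    cred = os.path.join(workdir, CREDENTIAL_FILE)
    if os.path.exists(cred):
        os.remove(cred)
        return True
    return False


def build_sample_workdir():
    """Constructed fixture laid out like the findings describe, deliberately created
    with permissive modes so the audit has something to report."""
    workdir = tempfile.mkdtemp(prefix="wechat_skill_")
    data = os.path.join(workdir, DATA_DIR)
    os.mkdir(data)
    with open(os.path.join(data, "user-1.json"), "w") as fh:
        fh.write('{"user_id": "user-1", "quota": 0}\n')   # placeholder content
    with open(os.path.join(workdir, CREDENTIAL_FILE), "w") as fh:
        fh.write("# placeholder; the real file holds token and cookie values\n")
    os.chmod(data, 0o755)
    os.chmod(os.path.join(data, "user-1.json"), 0o644)
    os.chmod(os.path.join(workdir, CREDENTIAL_FILE), 0o644)
    return workdir


if __name__ == "__main__":
    wd = build_sample_workdir()
    print("before:", audit_state(wd))        # reports the permissive paths
    print("tightened:", lock_down(wd))
    print("after:", audit_state(wd))         # nothing left to report
    print("session revoked:", revoke_session(wd))
```

Run the audit from the skill's working directory before the first login and again after any crawl, since the skill rewrites these files itself and may recreate them with the process umask rather than owner-only modes.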