Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Official Account Content Summary (微信公众号内容总结)

v1.0.0

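Fetches WeChat Official Account articles and converts them to Markdown, extracts the body content, then summarizes the key points or outputs the full article.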

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
Name/description (fetch WeChat articles, convert to Markdown, summarize) align with the included script and SKILL.md. The script uses requests/BeautifulSoup/html2text to fetch and convert article HTML and can save images — all coherent with the described purpose.
Instruction Scope
SKILL.md confines actions to fetching the article, converting to Markdown, optionally downloading images, saving a .md file, then deleting it. It references specific workspace paths (/home/node/.openclaw/...) and uses PYTHONPATH=/tmp/pylibs; both are environment-specific but consistent with running the included script. There is no instruction to read unrelated system files, credentials, or to transmit data to unknown external endpoints. The required cleanup step (deleting generated .md) is emphasized; this is plausible but users should be aware it removes local files.
Install Mechanism
There is no formal install spec (instruction-only), which is low-risk. The SKILL.md suggests pip installing html2text and beautifulsoup4 into /tmp/pylibs if missing — this will write packages to disk and pulls from PyPI. The packages named are reasonable and proportionate for the task.
Credentials
The skill requests no environment variables, credentials, or config paths. The script uses only network access (HTTP GET) and local file write/read for output and optional image downloads — these are expected for the stated purpose.
Persistence & Privilege
Skill is not always-enabled and does not request elevated/system-wide persistence. It writes output files in the workspace or a specified output directory and can create an images/ subdirectory when saving images. It does not modify other skills or global agent settings.
Assessment
This skill appears to do what it says: fetch a public mp.weixin.qq.com article, convert it to Markdown, optionally download images, and let the agent summarize or output the article. Before installing/running: 1) Review or run the included wechat2md.py in a sandbox to confirm behavior; 2) be aware it performs network requests and writes files (and the SKILL.md instructs you to delete generated .md files afterwards); 3) the SKILL.md suggests pip installing html2text/beautifulsoup4 into /tmp, which will download code from PyPI—only proceed if you trust those packages or install them via your usual package manager; 4) the script will not bypass WeChat JS verification or paywalled content; 5) consider copyright and privacy implications of fetching and storing article content and images. If you need stronger isolation, run the script in a container or VM.


latestvk972j5ry40ccxac9sdz454d4jh84mv7n
