Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wechat Saver
v1.1.0 · WeChat Official Account article scraper. Converts WeChat articles into Obsidian-compatible Markdown, with image download and smart format detection (code blocks / lists / quotes).
by Kuiil (@kuiilabs)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Scanner: OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description match the included Python script: it fetches article HTML, extracts content, downloads images and writes Obsidian-compatible Markdown. There are no unrelated required env vars or binaries. Minor mismatch: presence of package.json (npm-style metadata) in a Python-based skill is odd but not harmful.
Instruction Scope
SKILL.md and the script instruct the agent/user to fetch URLs and download every image referenced by the fetched page. The script enforces no domain check: it will GET any URL it is given, so a specially crafted link makes the runner issue arbitrary network requests, including to internal IPs, which is a server-side request forgery / internal-scanning risk. Note also that the image URLs are taken from the fetched HTML, so the set of hosts contacted is chosen by the page content, not only by the URL the user typed. The instructions additionally recommend batch-processing arbitrary URLs, which amplifies that exposure. Otherwise the instructions stick to the expected scraping and file-write operations.
Install Mechanism
This is instruction-only (no automated install). Dependencies are ordinary Python libraries, and SKILL.md shows creating a venv. However, the docs also include pip install examples that pass --break-system-packages, which overrides the interpreter's externally-managed-environment protection (PEP 668) and lets pip write into the system site-packages, where it can overwrite distro-managed packages; they also recommend installing from a third-party package mirror, which moves trust in the downloaded packages to that mirror's operator. Prefer an isolated virtualenv, and avoid --break-system-packages unless you understand the consequences.
Credentials
The skill requires no environment variables, tokens, or credentials. The SKILL.md explicitly states it does not support login/paid articles currently (a planned future feature would require cookies/credentials). No secret exfiltration appears in the code that was reviewed.
Persistence & Privilege
The skill is not always-enabled and does not request elevated platform privileges. It writes files to the user's filesystem (defaulting to ~/Documents/Obsidian Vault/00-Inbox or a user-specified path), which is expected behavior for this utility.
Scan Findings in Context
[no_regex_findings] expected: The static regex-based pre-scan found no suspicious patterns. That matches manual review: there are no obvious telemetry endpoints, embedded secrets, or obfuscated code. Absence of findings does not eliminate runtime risks (network requests, file writes).
What to consider before installing
This skill appears to implement a legitimate WeChat-to-Markdown scraper, but before installing or running it:
(1) Review it and run it in an isolated environment (a dedicated virtualenv or a container); avoid pip --break-system-packages unless you know what it does.
(2) Only pass it URLs you trust. The script performs HTTP requests to whatever URL it is given and then to every image URL found in the returned page, so a malicious or internal URL can cause unwanted network requests (SSRF / internal scanning). If you only want WeChat content, add a domain check (allow only mp.weixin.qq.com, plus whichever image host the articles actually use) before fetching, and apply it to the image URLs as well as the article URL.
(3) Inspect the script yourself for modifications before enabling any future cookie/login feature; storing credentials or cookies increases the risk.
(4) Verify the output path before running to avoid accidental file overwrites.
A hardened wrapper that enforces domain restrictions and sane network timeouts would reduce the risk.
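The domain check from point (2) and the hardened wrapper mentioned above, written out as an added example. This is not code from the Wechat Saver skill or from the scanner; it is a stand-alone gate that the scraper's fetch calls could be routed through. The allowlist, the image CDN host mmbiz.qpic.cn, the 10-second timeout, the 3-redirect limit and the 20 MiB response cap are assumptions chosen for the example, not values taken from the skill. The `resolve` parameter is injectable so the check can be exercised without network access.

```python
# Added example: allowlist gate for a WeChat scraper's outbound requests.
# Not part of the Wechat Saver skill; written for this review.
# Assumed (not from the skill): mmbiz.qpic.cn as the image host, the timeout,
# the redirect limit and the response size cap below.
import ipaddress
import socket
import urllib.request
from urllib.parse import urljoin, urlparse

ALLOWED_HOSTS = frozenset({"mp.weixin.qq.com", "mmbiz.qpic.cn"})
TIMEOUT_SECONDS = 10
MAX_REDIRECTS = 3
MAX_BYTES = 20 * 1024 * 1024


class BlockedURL(ValueError):
    """Raised for any URL the scraper must not fetch."""


def check_url(url, allowed_hosts=ALLOWED_HOSTS, resolve=socket.getaddrinfo):
    """Return the URL unchanged if it may be fetched, else raise BlockedURL.

    Rejects non-http(s) schemes (file://, gopher://, ...), userinfo in the
    URL (https://mp.weixin.qq.com@evil.example/), hosts outside the
    allowlist, and allowlisted names whose DNS answer is a loopback,
    private, link-local or otherwise non-global address, so an allowlisted
    name pointed at 127.0.0.1 or 169.254.169.254 is still refused.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        raise BlockedURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise BlockedURL("userinfo in URL")
    host = (parts.hostname or "").lower().rstrip(".")
    if host not in allowed_hosts:
        raise BlockedURL(f"host not in allowlist: {host!r}")
    try:
        addrs = resolve(host, None)
    except socket.gaierror as exc:
        raise BlockedURL(f"cannot resolve {host!r}") from exc
    for *_, sockaddr in addrs:
        # sockaddr[0] is the textual address; strip an IPv6 scope id if any.
        ip = ipaddress.ip_address(sockaddr[0].split("%")[0])
        if not ip.is_global:
            raise BlockedURL(f"{host!r} resolves to non-global address {ip}")
    return url


def is_allowed(url, **kwargs):
    """Boolean form of check_url, convenient for filtering."""
    try:
        check_url(url, **kwargs)
    except BlockedURL:
        return False
    return True


def partition_image_urls(page_url, srcs, **kwargs):
    """Split img src values found in a fetched page into (allowed, blocked).

    The page, not the user, chooses these URLs, so each is gated exactly like
    the article URL; relative srcs are resolved against the page URL first.
    """
    allowed, blocked = [], []
    for src in srcs:
        absolute = urljoin(page_url, src.strip())
        (allowed if is_allowed(absolute, **kwargs) else blocked).append(absolute)
    return allowed, blocked


class _CheckedRedirects(urllib.request.HTTPRedirectHandler):
    """Re-run check_url on every redirect target and cap the chain length."""

    max_redirections = MAX_REDIRECTS

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_url(urljoin(req.full_url, newurl))
        return super().redirect_request(req, fp, code, msg, headers, newurl)


_OPENER = urllib.request.build_opener(_CheckedRedirects())


def safe_get(url):
    """GET an allowlisted URL with a timeout, checked redirects and a size cap."""
    with _OPENER.open(check_url(url), timeout=TIMEOUT_SECONDS) as resp:
        body = resp.read(MAX_BYTES + 1)
    if len(body) > MAX_BYTES:
        raise BlockedURL("response larger than MAX_BYTES")
    return body


if __name__ == "__main__":
    import sys

    for arg in sys.argv[1:]:
        try:
            print(arg, len(safe_get(arg)), "bytes")
        except BlockedURL as exc:
            print(arg, "BLOCKED:", exc)
```

One limitation worth knowing: the address check resolves the name separately from the fetch, so a DNS server that answers differently on the second lookup (DNS rebinding) can still race it. Closing that gap means pinning the resolved address for the connection itself, which urllib does not expose; the allowlist, scheme and redirect checks above hold regardless.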
Version: latest (vk970zxgndfemd4cvjw4cphm1hh848388)
