ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信文章读取

v1.0.0

读取微信公众平台文章内容(mp.weixin.qq.com)。当用户发送微信文章链接、需要读取微信文章内容、提取公众号文章时自动激活。支持突破微信反爬限制,获取完整文章文本。

0· 84·0 current·0 all-time
by@lcwatergm-afk

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lcwatergm-afk/weixin-article-read.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "微信文章读取" (lcwatergm-afk/weixin-article-read) from ClawHub.
Skill page: https://clawhub.ai/lcwatergm-afk/weixin-article-read
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install weixin-article-read

ClawHub CLI

Package manager switcher

npx clawhub@latest install weixin-article-read
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description, SKILL.md, and the included script all align: they fetch WeChat public-article pages and parse the content. However, the metadata declares no required binaries even though the script uses curl and requires beautifulsoup4; the omission is an inconsistency that should be corrected.
!
Instruction Scope
Runtime instructions tell the agent to run the included Python script with a user-supplied URL. The script constructs a shell command that embeds the URL and runs curl via subprocess.run(..., shell=True) without sanitizing the URL, which creates a shell-injection risk if an attacker can supply a malicious URL. Otherwise the instructions stay within the stated purpose (network fetch and HTML parsing).
Install Mechanism
This is an instruction-only skill with a small shipped script and no install spec. Nothing is downloaded at install time. The lack of an install step minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a simple web-scraping/parsing tool.
Persistence & Privilege
The skill is not force-installed (always:false) and uses normal autonomous invocation defaults. It doesn't request elevated persistence or modify other skills.
What to consider before installing
This skill appears to do what it claims (fetch and parse WeChat article pages), but review these before installing: - Functional gaps: The script uses curl and beautifulsoup4 but the skill metadata does not declare curl as a required binary and the README suggests installing beautifulsoup4; ensure curl is available and pip-install the dependency before use. - Shell-injection risk: The script builds a curl command string including the user-provided URL and calls subprocess.run(..., shell=True). If a maliciously crafted URL is passed, it could execute arbitrary shell commands. Prefer a version that uses the requests library or subprocess.run([...], shell=False) with proper URL validation. - Legal/ethical: The skill explicitly aims to 'bypass anti-scraping' protections; check terms of service and legal constraints for scraping mp.weixin.qq.com and respect rate limits. - Hardening suggestions: Ask the author to (1) declare curl in required binaries, (2) replace shell-based curl calls with requests or a safe subprocess invocation, (3) validate/sanitize input URLs, and (4) optionally add timeout/error handling and user-agent comments in metadata. If you cannot vet the author or run the skill in a sandboxed environment, treat the shell-injection risk as a blocker for use with untrusted inputs.

Like a lobster shell, security has layers — review code before you run it.

latestvk972rvpg7t8emtmy5med6f8wxn84w4ne
84downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
@lcwatergm-afk
latest
Download

微信文章读取技能

功能说明

读取微信公众平台(mp.weixin.qq.com)文章内容,突破反爬限制,还原干净的文章文本。

使用场景

  • 用户发送微信文章链接,需要读取内容
  • 需要提取公众号文章进行总结、分析
  • 微信文章链接需要突破反爬获取原文

核心脚本

# 使用方法
python3 scripts/read_weixin_article.py <微信文章URL>

# 示例
python3 scripts/read_weixin_article.py "https://mp.weixin.qq.com/s/kItlJmjOnq6p6tXtYGHrGQ"

技术实现

  1. 使用 curl 模拟移动端 User-Agent 获取页面
  2. 使用 BeautifulSoup 解析HTML
  3. 提取 id="js_content"class="rich_media_content" 的文章主体
  4. 清理脚本、样式等干扰元素,还原干净文本

注意事项

  • 微信文章有反爬限制,必须使用移动端 User-Agent
  • 部分文章可能因权限问题无法完整获取
  • 成功读取后记得向用户确认内容是否正确

Comments

Loading comments...