Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wechat mp push: WeChat Official Account article generation and push skill

v1.0.21

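Supports using AI to generate content that conforms to WeChat Official Account conventions (articles and image posts) and pushing it to the Official Account draft box or publishing it directly; also compatible with pushing articles and images generated by other SKILLs. Authorization is done by scanning a QR code through the configuration wizard, and multiple accounts are supported. No need to disclose the Official Account Secret key, and no need to configure the Official Account IP whitelist.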

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name/description describe generating HTML and pushing to WeChat; the included push-to-wechat-mp.js implements exactly that behavior: it reads a local config.json, extracts openId/accounts, and POSTs an action 'sendToWechat' with title/content/imgUrls to an apiBase endpoint. The skill requests no environment variables or binaries, which is consistent with being an instruction-only skill plus a Node script.
Instruction Scope
Runtime instructions stay within the stated purpose (generate HTML per design.md, save config.json from the provided wizard, run the Node script to push). However, the SKILL.md instructs the user/AI to save a wizard-generated config.json (which the script will read), and that file can include apiBase. The script will transmit the full article HTML and the user's openId to that apiBase. That means sensitive content (full article HTML and the user's openId) will be sent to an external service, which is expected for push functionality but important to surface. Also, a pre-scan found unicode-control-chars in SKILL.md (a possible prompt-injection artifact); the file should be inspected.
Install Mechanism
No install spec and only one small JS file; instruction-only plus a single script is low-risk from an installation standpoint (nothing is downloaded or executed automatically beyond the provided script).
Credentials
The skill asks for no environment variables or secrets, which matches its claim of not needing WeChat Secret keys. However, it requires a user-provided config.json that contains openId and an accounts list; that file (and the HTML content) will be sent to an external endpoint. Critically, config.json can override apiBase (the default is https://api.pcloud.ac.cn/openClawService), so a malicious or mistaken config can redirect all data to an arbitrary host. This is a proportionality/privacy concern (not necessarily malicious) but should be considered before use.
Persistence & Privilege
always is false and the skill does not request permanent platform-wide privileges. The skill does not modify other skills or global agent settings; it runs as-invoked. No persistence/privilege escalation behaviors were detected.
Scan Findings in Context
[unicode-control-chars] unexpected: The SKILL.md contained unicode control characters (zero-width/formatting) detected by pre-scan. This can be an attempt to manipulate prompt parsing or to hide instructions; it's not expected or necessary for the stated push functionality. The presence doesn't prove maliciousness but warrants manual inspection of the SKILL.md for hidden characters or injected directives.
What to consider before installing
What to check before installing/using this skill:
- Understand where your content goes: the script sends the full article HTML and your openId to an external API. Default API endpoint is https://api.pcloud.ac.cn/openClawService — you must trust that service to handle your data. If you don't trust it, do not provide your config.json to the skill.
- Inspect config.json before saving: the skill requires you (or the configuration wizard) to produce a config.json and save it in the skill directory. Open that file in a text editor and verify it does NOT contain unexpected fields (especially apiBase) pointing to unfamiliar domains. If apiBase is not the expected provider, do not use it.
- Be cautious pasting sensitive data: although the skill claims no WeChat Secret is needed, config.json contains openId and account info. Only paste config JSON you obtained directly from the official configuration wizard you trust.
- Review the push-to-wechat-mp.js file: it is small and readable; it performs the POST and prints results. Confirm you are comfortable with it sending the HTML content and openId to the apiBase. If you or your org require hosting the push service yourself, change apiBase to a vetted endpoint.
- Address the SKILL.md injection signal: the pre-scan found unicode-control-chars in SKILL.md. Open SKILL.md in a safe editor and search for invisible characters (zero-width spaces, directionality marks). Remove them or confirm they are benign before proceeding.
- Test with non-sensitive content first: do a dry-run by creating a dummy HTML and a minimal config.json that points to a test endpoint (or ask the maintainer for audited endpoint details) to confirm behavior.
- If you require higher assurance: request the maintainer provide an audited service URL, or modify the script to log the POST destination and require manual confirmation before sending.
If the skill will be used in an organization, consider running the push service under your control and setting apiBase accordingly. If you can confirm that the apiBase endpoint and the config.json source are trustworthy, and you remove any suspicious invisible characters from SKILL.md, the skill appears coherent with its purpose. If you cannot verify those, avoid installing or providing real content/credentials.

Like a lobster shell, security has layers — review code before you run it.
