Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw verdict: Suspicious (medium confidence)
Purpose & Capability
Name/description align with code and SKILL.md: scripts fetch tokens, call WeChat APIs, generate reports and send messages. Required credentials (AppID/AppSecret) are expected. Minor inconsistency: SKILL.md lists a scripts/send-report.js that is not present (sending is implemented inside generate-report.js).
Instruction Scope
Runtime instructions and code operate only against the WeChat API and local files, which fits the stated purpose. However, generate-report.js constructs and executes an openclaw CLI command via execSync with a hard-coded --account value ('d72d5b576646-im-bot'). That forces use of a specific sender account that is not declared in the config and could cause reports to be sent via an unexpected or third-party account, which is a potential exfiltration vector. The scripts also read and write the config file (~/.openclaw/wechat-mp/config.json) and temporary files in /tmp; these behaviors are expected for the functionality but worth noting.
Install Mechanism
No network install or remote downloads. install.sh only creates a config directory and sets script permissions. There is no package fetch from external/untrusted URLs; install risk is low.
Credentials
The skill does not declare environment variables, but legitimately requires storing AppID and AppSecret in ~/.openclaw/wechat-mp/config.json and caches access_token in /tmp. Asking for those credentials is proportional to the functionality. Note: secrets are stored in plaintext in user home and /tmp; consider filesystem permissions. The hard-coded openclaw account is not justified by the described configuration fields and is disproportionate.
Persistence & Privilege
The always flag is false, and the skill only writes files under its own config directory and /tmp. It does not modify other skills or system-wide settings. Autonomous invocation is allowed by default (normal); combined with the hard-coded sender account, that could increase the blast radius.
What to consider before installing
This skill appears to implement WeChat article monitoring as described, but review before installing:
- Inspect and, if needed, remove or change the hard-coded account in scripts/generate-report.js (the --account 'd72d5b576646-im-bot' value). That parameter forces reports to be sent using that account and could route your report content through an unexpected sender. Replace it with a configurable account or remove the --account flag so the system uses your intended sender.
- Confirm the openclaw CLI behavior locally (openclaw message send) in a safe environment; do not run with a real AppSecret until you trust the sender account. The script will exec the CLI and transmit the full report text.
- Be aware AppID/AppSecret are stored in plaintext at ~/.openclaw/wechat-mp/config.json and tokens are cached in /tmp; set restrictive file permissions and consider alternatives if you require stronger secrets handling.
- Note the SKILL.md references a missing send-report.js (minor inconsistency). You can run the scripts manually or review/modify them to suit your environment (for example, use your own openclaw account, implement explicit confirmation before sending, or log rather than send).
If you cannot verify the ownership of the hard-coded account or do not want reports potentially routed through a third-party sender, do not install or run the script until you patch it to use your account or a safe transport.
Patterns worth reviewing
- scripts/generate-report.js:58 — Shell command execution detected (child_process).
- scripts/fetch-articles.js:11 — Environment variable access combined with network send.
- scripts/generate-report.js:110 — Environment variable access combined with network send.
- scripts/fetch-articles.js:54 — File read combined with network send (possible exfiltration).
- scripts/generate-report.js:92 — File read combined with network send (possible exfiltration).
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Version: latest (vk9795qe7q67jch895ewaqh1aen83emp9)
