ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信公众号自动排版发布---一键发布

v1.0.0

微信公众号发布流水线:视觉排版→主编审核→API发布→数据复盘。在已有Markdown定稿基础上执行微信格式化和发布。触发词:发布到微信、微信排版、微信发布。需先完成内容创作。

0· 135·0 current·0 all-time
by@little-ke

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for little-ke/wechat-publish-workflow.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "微信公众号自动排版发布---一键发布" (little-ke/wechat-publish-workflow) from ClawHub.
Skill page: https://clawhub.ai/little-ke/wechat-publish-workflow
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wechat-publish-workflow

ClawHub CLI

Package manager switcher

npx clawhub@latest install wechat-publish-workflow
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The written purpose (format + publish WeChat articles) aligns with the instructions, but the metadata does not declare expected runtime artifacts: the SKILL.md expects a Node script (wechat_publish.cjs) and WeChat API credentials in a .env, yet required binaries/env vars are listed as 'none'. A legitimate publisher workflow would reasonably need Node (or another runtime) and specific WeChat credentials; those should be declared.
!
Instruction Scope
Instructions tell the agent to read/validate a .env for API credentials and run local node scripts under {baseDir}/scripts or ~/.openclaw/workspace-wechat-publisher/scripts/. That means the agent will access local files and environment secrets and execute commands. While these actions are coherent with publishing, the SKILL.md assumes scripts and credentials exist but the skill bundle does not provide them or explain where they come from.
Install Mechanism
This is an instruction-only skill with no install spec, which is low-risk by itself. However, the runtime depends on external scripts (wechat_publish.cjs) and a Node runtime; absence of an install step or bundled code means user must supply those artifacts. The skill should declare that dependency and/or include installation instructions.
!
Credentials
The SKILL.md explicitly requires WeChat API credentials in a .env and will use them when running scripts, but the registry metadata lists no required environment variables or primary credential. That omission is disproportionate: credentials named like APPID/SECRET/TOKEN are expected here and should be declared. Users need to know exactly which secrets will be accessed.
Persistence & Privilege
The skill does not request persistent 'always' inclusion or elevated platform privileges. It is user-invocable and allows autonomous invocation (default), which is normal and not flagged alone.
What to consider before installing
Before installing or enabling this skill: 1) Confirm where the referenced scripts (scripts/wechat_publish.cjs) actually come from and inspect their code — the skill expects to run local Node scripts but does not bundle them. 2) Expect to provide WeChat API credentials (APPID/SECRET or token) in a .env; ask the author to list exact environment variable names and add them to the metadata. 3) Ensure Node is available on the agent environment or the skill declares it as a required binary. 4) Verify the workflow enforces the user confirmation step before 'publish' (do not allow silent publishing). 5) Run the scripts in a safe/test environment first and do not supply unrelated credentials. If the author cannot clarify the missing metadata or provide the scripts/source, treat the skill as incomplete and avoid granting it access to real credentials.

Like a lobster shell, security has layers — review code before you run it.

latestvk974wz4fdgg6qmh3vny51hbzf583g6t0
135downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@little-ke
latest
Download

微信发布流水线

在已有 Markdown 定稿基础上,完成微信公众号的视觉排版、发布和数据复盘。

前置条件

  • 已通过 /content-creation 部署内容创作团队(墨白参与审核)
  • 已通过 /wechat-publisher-setup 部署微信发布团队(画境、数澜)
  • 已有 Markdown 定稿(来自 /content-workflow 或用户直接提供)

工作流概述

定稿 → 画境(排版设计) → 墨白(审核) → 数澜(发布+复盘)

Phase 3:微信排版设计(画境主导,墨白审核)

  1. 画境根据定稿完成:
    • 封面大图(900x383px)
    • 封面小图(200x200px)
    • 文章排版(HTML/编辑器源码)
    • 配图/信息图(如有需要)
  2. 提交给墨白审核
  3. 最多迭代 2 轮
  4. 输出物:视觉定稿

Phase 4:发布与复盘(数澜主导)

4.1 发布前准备

  1. 数澜根据历史数据确定最佳发布时间
  2. 确认 .env 中微信 API 凭证已配置
  3. 验证 API 连通性:node {baseDir}/scripts/wechat_publish.cjs token

4.2 素材上传

  1. 上传封面大图: 
    node {baseDir}/scripts/wechat_publish.cjs upload-thumb <封面图路径>
  2. 如正文含配图,逐张上传: 
    node {baseDir}/scripts/wechat_publish.cjs upload-image <图片路径>

4.3 创建草稿

  1. 组装文章 JSON 并提交: 
    node {baseDir}/scripts/wechat_publish.cjs create-draft draft.json

4.4 用户确认发布

  1. 展示发布预览信息
  2. 必须获得用户明确确认后才能执行发布
  3. 用户确认后: 
    node {baseDir}/scripts/wechat_publish.cjs publish <草稿media_id>
  4. 查询发布状态: 
    node {baseDir}/scripts/wechat_publish.cjs get-status <publish_id>

4.5 数据追踪与复盘

  1. 发布后 24h 拉取初步数据: 
    node {baseDir}/scripts/wechat_publish.cjs get-stats <日期> <日期>
  2. 输出 24h 数据快报
  3. 发布后 48h 输出完整数据复盘报告
  4. 墨白主持复盘,确定下一轮优化方向

灵活调用规则

  • 用户可以跳过排版(如"直接发布这篇文章")
  • 用户可以只做排版不发布
  • 用户可以单独让数澜分析数据

质量门控

  • 排版设计需经墨白审核
  • 发布操作必须获得用户明确确认
  • 发现事实性错误 → 回退到内容创作阶段(使用 /content-workflow)

脚本说明

wechat_publish.cjs 位于 {baseDir}/scripts/ 或已部署到 ~/.openclaw/workspace-wechat-publisher/scripts/

Comments

Loading comments...