WeChat Official Account Auto-Formatting and Publishing --- One-Click Install
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its WeChat publishing purpose, but it handles official account credentials inconsistently and includes an unsafe shell-based setup helper.
Review and patch the credential paths before use, and do not run the setup helper unless you trust the source and accept local shell execution. Use a dedicated WeChat AppSecret, confirm the exact account before publishing, and periodically clean stored tokens and memory files.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and using the skill requires giving it credentials that can access and mutate a WeChat official account.
The skill openly asks for and stores WeChat official account credentials. This is expected for API publishing, but it is sensitive account authority that the registry metadata does not declare as a primary credential.
Ask in sequence: ... AppID ... AppSecret ... WECHAT_APP_SECRET=AppSecret entered by the user ... chmod 600
Use a dedicated WeChat credential with the minimum needed permissions, verify the account before publishing, and remove or rotate the secret if you stop using the skill.
The skill may fail to use the credentials you just configured, or worse, may operate with a different WeChat account's local credentials if that file already exists.
The helper script defaults to reading credentials and writing the access-token cache under workspace-content-team, while this skill documents workspace-wechat-publisher. That can cause unexpected use of another workspace's credentials or token storage outside the documented location.
function defaultEnvPath() { return path.join(os.homedir(), '.openclaw', 'workspace-content-team', '.env'); } ... function defaultTokenCachePath() { return path.join(os.homedir(), '.openclaw', 'workspace-content-team', '.access_token'); } ... fs.writeFileSync(TOKEN_CACHE, `${Math.floor(Date.now() / 1000)}\n${token}\n`, 'utf-8');
Patch the script to default to ~/.openclaw/workspace-wechat-publisher/.env and a matching token cache, set restrictive permissions on the token cache, or require WECHAT_ENV_FILE explicitly.
If a crafted path or environment value reaches this setup script, it could run unintended local commands with the user's privileges.
The setup helper assembles shell commands from strings and an environment-derived path, then runs them through a shell. That creates avoidable command-injection risk if inputs such as OPENCLAW_HOME contain shell syntax.
const OPENCLAW_DIR = process.env.OPENCLAW_HOME || path.join(os.homedir(), '.openclaw'); ... execSync(args.join(' '), { encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'], shell: true })
Use spawnSync/execFileSync with an argument array and shell:false, validate workspace paths, and avoid running this setup helper until reviewed or patched.
After confirmation, the agent can submit public WeChat posts through the official API.
The workflow includes commands that can publish WeChat drafts to a public account, but the instruction text explicitly requires user confirmation before publishing.
**Publishing operations must receive explicit confirmation from the user (the operator)**; do not decide to publish on your own ... node ~/.openclaw/workspace-wechat-publisher/scripts/wechat_publish.cjs publish <draft media_id>
Require a final human preview of title, account, draft media_id, and publish timing before allowing any publish command.
Publishing history, performance data, and strategy notes may remain in local workspace files after the conversation ends.
The agent is instructed to persist publishing data, analysis conclusions, and learned patterns in workspace memory files. This is purpose-aligned, but it can retain business metrics and strategy across sessions.
Before each session ends, record publishing data and analysis conclusions to memory/YYYY-MM-DD.md ... data patterns discovered ... update to MEMORY.md
Review memory files periodically, avoid storing unnecessary confidential metrics, and delete old workspace memory when no longer needed.
The new agents may remain available in OpenClaw until the user removes them.
The skill registers two persistent OpenClaw agents as part of its stated deployment purpose. This is disclosed, but it changes the local agent environment beyond the initial setup interaction.
openclaw agents add huajing ... --workspace ~/.openclaw/workspace-wechat-publisher/huajing ... openclaw agents add shulan
Install only if you want persistent WeChat publishing agents, and remove the registered agents/workspace if you stop using the workflow.
