ClawHub

Publish Wechat Draft

v1.0.0

发布文章到微信公众号草稿箱。当用户要求发布公众号文章、保存微信草稿、publish wechat draft、或提到"发公众号"/"发微信"时调用。

0· 130·0 current·0 all-time
bylixinran@lixinran2015

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for lixinran2015/publish-wechat-draft.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Publish Wechat Draft" (lixinran2015/publish-wechat-draft) from ClawHub.
Skill page: https://clawhub.ai/lixinran2015/publish-wechat-draft
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: WECHAT_PUBLISHER_DIR
Required binaries: node, npm, npx, git
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install publish-wechat-draft

ClawHub CLI

Package manager switcher

npx clawhub@latest install publish-wechat-draft
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name/description match the declared requirements: node/npm/npx/git and a WECHAT_PUBLISHER_DIR project path are expected for a Node.js CLI that uses Playwright to automate WeChat publishing.
Instruction Scope
SKILL.md confines actions to the project directory: locating or cloning the repo, installing deps, checking login, creating temp HTML files under PROJECT_DIR/articles, and reading project logs/screenshots. It references HOME/USERPROFILE to locate cookie path (standard system vars). It explicitly instructs not to read or exfiltrate cookie contents, but it does access cookie file existence and runs project-provided scripts that may operate on cookies.
!
Install Mechanism
There is no formal install spec but the instructions tell the agent to git clone https://github.com/lixinran2015/weixingongzhonghao.git (if not present), run npm install, and run npm scripts. That means arbitrary third‑party code from that repo will be executed locally (including package scripts). Playwright installation will also download Chromium. This is common for node CLIs but is a higher-risk action and should be performed only after reviewing the repository and its package.json scripts.
Credentials
Only one declared env var (WECHAT_PUBLISHER_DIR) is required, which is proportional. Minor oddity: the registry metadata marks the directory path as the 'primary credential'—a path is not a secret, but the label is unexpected. The instructions also reference HOME/USERPROFILE (non-secret system vars). No other unrelated secrets are requested.
Persistence & Privilege
always is false and the skill does not request system-wide or cross-skill configuration changes. It writes files inside the project directory (articles, logs/screenshots) which is consistent with its purpose.
Assessment
This skill appears to do what it says, but it will clone and run a third‑party Node.js project and execute that project's npm scripts (including a login flow that writes cookies). Before installing or running it: 1) Review the repository and package.json (especially scripts like login, check:login, publish) to see what code will run. 2) Run npm install and the tool in an isolated environment (container or VM) if you don't fully trust the repo. 3) Set WECHAT_PUBLISHER_DIR to a local clone you control rather than letting the agent clone automatically. 4) Verify the project’s behavior around cookies (it should not print or upload cookie contents). If you are uncomfortable running arbitrary npm scripts, prepare the HTML locally and run the publish workflow manually or decline to install the skill.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

Binsnode, npm, npx, git
EnvWECHAT_PUBLISHER_DIR
Primary envWECHAT_PUBLISHER_DIR
latestvk97e3h4ey125mn4kmgg01j99w584zhh6
130downloads
0stars
1versions
Updated 1w ago
v1.0.0
MIT-0
lixinran@lixinran2015
latest
Download

微信公众号草稿发布 Skill

使用项目 weixingongzhonghao-publisher 的 CLI 工具,将文章发布到微信公众号草稿箱。

前置检查

1. 查找项目目录

按以下优先级确定 weixingongzhonghao-publisher 的项目根目录(PROJECT_DIR):

  1. 当前工作目录:检查是否存在 package.jsonnameweixingongzhonghao-publisher
  2. 环境变量:如 process.env.WECHAT_PUBLISHER_DIR 存在且包含有效的 package.json
  3. 用户主目录:检查 ~/workspace/weixingongzhonghao~/weixingongzhonghao 是否存在有效的 package.json
  4. 以上都未找到:提示用户先执行以下命令之一: 
    # 方式 A:克隆仓库到当前目录
git clone https://github.com/lixinran2015/weixingongzhonghao.git
cd weixingongzhonghao

# 方式 B:设置环境变量(如果仓库在其他位置)
export WECHAT_PUBLISHER_DIR=/path/to/weixingongzhonghao

一旦找到 PROJECT_DIR,后续所有 npm run 命令都必须在 PROJECT_DIR 下执行(通过 Bashcwd 或在命令前加 cd PROJECT_DIR &&)。

2. 确认依赖已安装

PROJECT_DIR 下运行:

ls node_modules/.bin/playwright

如不存在,运行:

cd PROJECT_DIR && npm install && npx playwright install chromium

登录与 Cookie 管理

  1. 确定 Cookie 路径 
    cd PROJECT_DIR && node -e "const p=require('path'); console.log(p.join(process.env.HOME||process.env.USERPROFILE,'.config','weixingongzhonghao','cookies.json'))"
  2. 检查 Cookie 是否有效 
    cd PROJECT_DIR && npm run check:login
    • 如果提示 Cookie 无效或为空,先执行 cd PROJECT_DIR && npm run login:这会打开浏览器等待用户扫码,登录成功后自动保存 Cookie。
    • 如果用户拒绝扫码,停止执行。

解析用户意图与文章源

用户可能通过以下几种方式提供内容:

方式 A:提供 HTML/MD 文件路径

  • 如果路径是相对路径,先基于当前工作目录解析为绝对路径。
  • 然后直接在 PROJECT_DIR 下使用 --file 模式: 
    cd PROJECT_DIR && npm run publish -- --file <absolute-path> [--title "标题"]
  • 标题优先级:--title 参数 > HTML <title> 标签 > 文件名

方式 B:只提供纯文本或 Markdown 内容

  • 帮用户生成临时 HTML 文件到 PROJECT_DIR/articles/ 目录:
    1. 读取 PROJECT_DIR/articles/ 下现有文件,确定可用文件名(如 articles/untitled-1.html
    2. 将内容包装成基础 HTML 结构: 
      <!DOCTYPE html>
<html>
<head><meta charset="utf-8"><title>用户提供的标题</title></head>
<body>...用户内容...</body>
</html>
    3. 使用 Write 写入 PROJECT_DIR/articles/untitled-N.html
    4. 然后以 --file 方式调用发布

方式 C:提供配置文件路径

  • 如果用户明确要求使用某个 yaml 配置: 
    cd PROJECT_DIR && npm run publish -- --config <path>

发布执行流程

  1. 如果用户要求调试或首次运行,追加 --debug 参数(显示浏览器窗口,slowMo 1000ms)。
  2. 运行发布命令,timeout 建议设为 300 秒(Playwright 操作较慢)。
  3. 不要静默执行:在打开浏览器扫码前,明确告知用户需要操作什么。

结果反馈

  • 成功:返回草稿链接、耗时,并祝贺用户。
  • 失败
    1. 读取 PROJECT_DIR/logs/screenshots/ 下最新的错误截图(按修改时间排序)
    2. 分析截图和终端输出,给出明确的错误原因和下一步建议

安全与隐私原则

  • 绝不读取或泄露 Cookie 内容。只验证文件是否存在、格式是否正确。
  • 绝不把 Cookie 文件提交到 git。如发现 cookies/cookies.json 被 git 跟踪,立即提醒用户取消跟踪。
  • 用户扫码登录时,浏览器窗口由用户控制,Claude 不模拟任何登录操作。

Comments

Loading comments...