WeChat Official Account Auto-Publisher (微信公众号自动发布器)
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
The skill’s publishing workflow is coherent, but unsafe shell command construction around user-controlled text makes it risky to run without review.
Install only if you trust the dependent skills and are comfortable granting WeChat publishing credentials. Review the generated article and images before the final publish/draft step, avoid confidential content, and prefer a fixed version that replaces shell-string execSync calls with safe argument-based execution.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental search term could cause unintended local commands to run in the agent environment.
The search query comes from command-line/user input and is inserted into a shell command inside single quotes. A crafted query containing a single quote could alter the shell command.
const query = process.argv[2]; ... execSync(`python3 ~/.openclaw/workspace/skills/baidu-search/scripts/search.py '${JSON.stringify(requestBody)}'`,
Replace execSync shell strings with execFile/spawn using an argument array, and validate or safely encode user-provided query text.
If an attacker can influence the article filename/path, they may be able to inject shell syntax during publishing.
The article file path is interpolated into a shell command. Although normal use passes examples/article.md, the script accepts a user-supplied path.
execSync(`node "${publishScript}" "${articleFile}"`, {
Invoke Node with execFile/spawn and pass publishScript and articleFile as separate arguments instead of building a shell command string.
The workflow can put generated content into a WeChat Official Account publishing flow, so a user should review the article before the final publish/draft action.
The skill discloses a high-impact publishing step and says the user should be asked before continuing each step.
Execute the following steps in order, asking the user after each step whether to continue ... ### Step 5: Publish to the Official Account
Keep an explicit final confirmation before publishing and clearly distinguish draft creation from public posting.
Anyone running the skill with these credentials may be able to create/publish WeChat account content through the configured account.
The skill requires WeChat account credentials for the publishing integration, which is expected but grants account-level authority.
export WECHAT_APP_ID=你的 APP_ID; export WECHAT_APP_SECRET=你的 APP_SECRET
Use dedicated credentials where possible, restrict IP/permissions in WeChat settings, and avoid exposing secrets in logs or shared sessions.
The behavior and credential handling also depend on those external skills and their installed versions.
The skill depends on separately installed skills to search, generate images, and publish, but the artifacts do not pin specific versions.
clawhub install baidu-search; clawhub install wanx-image-generator; clawhub install wechat-toolkit
Install dependent skills only from trusted sources and verify their versions and permissions before using this publisher.
Draft content or prompts may leave the local agent environment through Baidu, Alibaba/Wanx, or WeChat integrations.
The workflow sends prompts, search queries, generated article content, and images through other skills/providers.
Call the wanx-image-generator skill (Tongyi Wanxiang) to generate images ... call Baidu Search to fetch real-time information ... call wechat-toolkit to publish
Do not use confidential or unpublished sensitive material unless you are comfortable sending it to the configured providers.
