Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
lanreneditor-pro
v1.0.3通过用户自定义模板排版AI生成文章,并一键发布到指定微信公众号草稿箱,支持多账号管理和额度查询。
⭐ 1· 141·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (WeChat article formatting + publish) match the code and API descriptions: handler.js makes HTTP calls to a configured apiBaseUrl using an apiKey, and SKILL.md/skill.yaml declare apiBaseUrl and apiKey as required configuration. However the registry metadata reported "Required env vars: none" while the included skill.yaml and SKILL.md require an API key — an inconsistency. README also mentions optional environment variables (OPENAI_API_KEY, OPENCLAW_GATEWAY_URL) for cover generation that are not declared in the skill config, which is another mismatch to be aware of.
Instruction Scope
Runtime instructions and integration docs direct the agent to call the SaaS endpoints (templates, accounts, publish, quota, etc.) — that is expected. But the package also includes explicit system-prompt text (in skill.yaml and INTEGRATION.md) that tells the model to 'must strictly follow' the workflow and 'not allowed to skip' steps; a pre-scan flagged a system-prompt-override pattern. That system-level instruction aims to override agent behavior and could broaden the agent's authority when this skill is active. Otherwise, the instructions do not ask the agent to read unrelated system files or collect unrelated credentials.
Install Mechanism
No remote download/install spec is included; the bundle is instruction + code (handler.js) and a normal package.json that depends on axios. The Quickstart recommends running npm install locally (standard). There are no obscure external URLs or archives in the install process, so install risk is low.
Credentials
The skill needs an API base URL and an API key for the third‑party formatting/publishing service — that is proportional to its stated purpose. However, documentation also references optional environment variables (OpenAI key, gateway URL, default cover image path) that are not declared in the skill's config/registry metadata. Registry metadata claiming 'no required env vars' is inconsistent with skill.yaml/ SKILL.md which require apiKey; this mismatch should be resolved before trusting credentials.
Persistence & Privilege
The skill does not request 'always: true' and uses normal network/storage permissions (expected for a connector). However the included systemPrompt (and guidance in integration docs to inject system prompts into host bots) elevates its capacity to influence agent decision-making. Because model invocation is enabled (the default), that prompt could affect agent behavior when the skill is active — combine this with credential access and it's an increased blast radius. This is not proof of maliciousness, but it is a significant caution.
Scan Findings in Context
[system-prompt-override] expected: The skill includes explicit systemPrompt text and integration instructions advising operators to add a strict system prompt to host bots. Including a system prompt is expected for integration, but the prompt's language ('must strictly follow', 'not allowed to skip') is forceful and can override host agent behavior; treat as a risky capability and review carefully.
What to consider before installing
Plain-language checklist before installing / enabling:
- Origin & trust: This package's source/homepage is unknown. Prefer skills from known vendors. Ask the author for the official SaaS site and verify the domain (https://open.tyzxwl.cn is referenced).
- Credentials: The skill requires an API key (apiKey) for the publishing SaaS. Do NOT reuse high‑privilege or production credentials. Create a limited-scope/test API key, enable strict logging, and be ready to revoke it.
- System prompt risk: The skill includes a strong system-level prompt which can influence the agent's behavior. If your platform allows, inspect and, if desired, remove or weaken that prompt before enabling autonomous runs. Consider disabling autonomous invocation for this skill until you trust it.
- Inconsistencies: Registry metadata says 'no required env vars' but the skill expects apiBaseUrl/apiKey; README mentions optional OpenAI keys and file paths that are not declared. Ask the maintainer to reconcile these mismatches.
- Test safely: Test with a sandbox account / test WeChat binding and a test API key first. Monitor API logs and quota usage while testing.
- Code review: If you can, scan handler.js fully for any hard-coded endpoints, unexpected network calls, or any code that reads local files or environment variables beyond what it should. The visible code appears to only call the declared SaaS APIs, but the file was truncated in the package listing — review the full file before trusting in production.
If you are uncomfortable with the unknown source, aggressive system prompt, or metadata mismatches, do not install or provide production credentials.Like a lobster shell, security has layers — review code before you run it.
latestvk974755fxcg0erczj21gh95cmh84g9wa
License
MIT-0
Free to use, modify, and redistribute. No attribution required.