ClawHub

WeChat Official Account Draft Management

v1.0.6

WeChat Official Account Draft Box management tool. Create and manage graphic draft articles via WeChat API, supporting text and images. Automatically extract...

3· 1.8k·1 current·1 all-time
bymanifold@manifoldor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (WeChat draft management) match the implementation: the script talks to api.weixin.qq.com, uploads images, creates/list/publishes/deletes drafts and requires WECHAT_APPID/WECHAT_APPSECRET. Nothing requested appears unrelated to the stated purpose.
Instruction Scope
SKILL.md instructions are narrowly scoped: they tell the user to set WECHAT_APPID/WECHAT_APPSECRET, run the included script, and describe expected API interactions. The runtime instructions and the script operate only on local files (article text, images), the user's ~/.config/channel directory, and the official WeChat API endpoints.
Install Mechanism
There is no install spec or remote download; the package is instruction + an included Python script. No external archives, installers, or third-party package fetches are performed by the skill's metadata.
Credentials
The only environment variables referenced are WECHAT_APPID and WECHAT_APPSECRET (declared in SKILL.md and used by the script). These are the expected credentials for interacting with the WeChat API and are proportionate to the functionality.
Persistence & Privilege
The skill is not always-enabled, uses the default autonomous-invocation setting, and only creates its own config directory (~/.config/channel) and cache files (access_token.json, drafts_cache.json). It does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do what it claims. Before installing: 1) Only provide WECHAT_APPID and WECHAT_APPSECRET from a trusted account; they are stored briefly and cached in ~/.config/channel/access_token.json. 2) The script writes files under ~/.config/channel and may create temporary image files when auto-generating covers; ensure that's acceptable. 3) Auto-cover generation uses the macOS 'sips' utility (may fail on other OSes). 4) Review the included scripts yourself if you want to double-check there is no additional network behavior; network calls in the code go to api.weixin.qq.com (official WeChat endpoints). 5) Keep your AppSecret secure and revoke/regenerate it if you suspect it was exposed.

Like a lobster shell, security has layers — review code before you run it.

WeChat OA Channelvk97e767ys6keaebwrr76q3fxzs80f26jlatestvk972w6h157s6yv5f1mtrh8m8s182rbj0

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Environment variables
WECHAT_APPIDrequired
WECHAT_APPSECRETrequired

Comments