WeChat Official Account Draft Management
Pass
Audited by ClawScan on May 10, 2026.
Overview
The visible artifacts match a WeChat draft-management tool, but it uses powerful WeChat account credentials and can publish or delete drafts when invoked.
Install only if you want this agent to manage the specified WeChat Official Account. Protect the AppID/AppSecret and cached token, review content before publishing or deleting, and note that the provided script view was truncated, so reviewing the full script from the source is prudent before using production credentials.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on the wrong media ID or without review, the agent could publish unwanted content or delete a draft.
The skill exposes commands that can publish or delete WeChat Official Account drafts. These actions are disclosed and user-directed, but they can materially affect public or business account content.
python3 scripts/channel.py publish MEDIA_ID_1234567890abcdef ... python3 scripts/channel.py delete MEDIA_ID_1234567890abcdef
Review draft content and media IDs before using `publish` or `delete`, and avoid granting autonomous use of these commands unless that is intended.
Anyone who can access these credentials or the cached token may be able to manage drafts or perform other allowed WeChat API actions for the account.
The script uses WeChat developer credentials to obtain an access token and persists that token locally. This is expected for the stated API integration, but it grants account-level API authority.
appid = os.getenv('WECHAT_APPID') ... appsecret = os.getenv('WECHAT_APPSECRET') ... ACCESS_TOKEN_FILE = os.path.join(CONFIG_DIR, "access_token.json")
Use credentials only for the intended official account, keep environment variables and `~/.config/channel` private, and rotate the AppSecret if exposure is suspected.
On systems without `sips`, automatic cover generation may fail; running the skill also executes this local utility when auto-cover is used.
Auto-cover generation runs a fixed local image-conversion command. It does not use a shell or pass user-controlled command arguments, but the local command dependency is not declared in metadata.
subprocess.run(['sips', '-s', 'format', 'jpeg', ppm_path, '--out', jpg_path], capture_output=True, text=True)
Use a reviewed custom cover image or `--no-auto-cover` if you do not want the local conversion command to run, especially on non-macOS systems.
