v1.0.6

WeChat Official Account Draft Management

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 5:18 AM.

Analysis

This appears purpose-aligned, but it can use WeChat Official Account credentials to publish or delete account content and stores an access token locally, so it should be reviewed before installation.

GuidanceOnly install this if you trust it with your WeChat Official Account. Use a non-production or least-privileged account where possible, review every publish/delete command before allowing it to run, and be aware that it stores a temporary access token in `~/.config/channel/access_token.json`.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityMediumConfidenceHighStatusConcern

SKILL.md

Supports draft creation, listing, publishing, and deletion ... python3 scripts/channel.py publish MEDIA_ID_1234567890abcdef ... python3 scripts/channel.py delete MEDIA_ID_1234567890abcdef

The skill exposes direct publish and delete operations for a WeChat Official Account. These actions are purpose-aligned, but they can affect public/business content and the instructions do not describe an explicit confirmation step or rollback path.

User impactIf invoked with valid WeChat credentials, the agent could publish public content or delete drafts from the account.

RecommendationRequire explicit user approval before publish or delete operations, verify the target media ID and article content, and use the least-privileged WeChat permissions available.

Unexpected Code Execution

SeverityLowConfidenceHighStatusNote

scripts/channel.py

subprocess.run(['sips', '-s', 'format', 'jpeg', ppm_path, '--out', jpg_path], capture_output=True, text=True)

Automatic cover generation invokes a local `sips` command. This is related to the advertised cover-image feature and does not use a shell, but the dependency is not declared in the metadata and is OS-specific.

User impactThe skill may run a local image-conversion command during draft creation, and the auto-cover feature may fail on systems without `sips`.

RecommendationDeclare the `sips`/macOS dependency or replace it with a portable image-generation method.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

metadata

Source: unknown; Homepage: none

The registry metadata does not provide a source repository or homepage. For a credential-using account-management tool, limited provenance makes independent verification harder.

User impactUsers have less external context for maintainer identity, updates, or issue reporting before trusting the skill with WeChat account credentials.

RecommendationPrefer installing from a verifiable source, review the included code before use, and avoid sharing production credentials with untrusted packages.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityMediumConfidenceHighStatusConcern

scripts/channel.py

appid = os.getenv('WECHAT_APPID') ... appsecret = os.getenv('WECHAT_APPSECRET') ... ACCESS_TOKEN_FILE = os.path.join(CONFIG_DIR, "access_token.json") ... json.dump({'access_token': token, 'expires_at': ...}, f)

The code uses WeChat developer credentials to obtain an access token and persists that token in the user's home configuration directory. This is expected for API use, but it is high-impact account authority and the local token cache is not clearly disclosed in SKILL.md.

User impactAnyone or anything able to read the cached token file during its validity window may be able to act through the WeChat account API.

RecommendationDisclose the token cache path, restrict file permissions, provide a way to clear or disable caching, and rotate the AppSecret if credential exposure is suspected.