Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

auto-pub

v1.0.0

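WeChat Official Account draft-box smart publishing assistant: AI-generated articles are automatically delivered to the draft box and published with one click after human confirmation; safe, with zero accidental sends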

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for martin-sh-ni/auto-pub.

Install the skill "auto-pub" (martin-sh-ni/auto-pub) from ClawHub.
Skill page: https://clawhub.ai/martin-sh-ni/auto-pub
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install auto-pub

ClawHub CLI

npx clawhub@latest install auto-pub

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
The name/description promise automatic delivery to the WeChat draftbox, but the skill declares no required environment variables, no install steps, and no third‑party APIs. SKILL.md also asserts 'zero-cost integration' and 'no third-party API' while claiming '自动投递草稿' ('automatic draft delivery') — there is no explanation of how drafts are actually uploaded or what credentials/automation are used. That mismatch between claimed capability and required resources is a coherence concern.
Instruction Scope
The SKILL.md is purely conceptual and stays within the high-level workflow (AI write → draftbox → human confirm → publish). It does not instruct the agent to read files, use credentials, perform network calls, or run automation. However, it is vague about the mechanism for '自动投递' ('automatic delivery'; no steps for authentication, browser automation, APIs, or user-assisted paste), so the runtime behavior is unclear — the instructions could be interpreted as either manual copy/paste guidance or as implying automation that isn't specified.
Install Mechanism
No install spec and no code files are present; this is instruction-only. That minimizes install-time risk because nothing will be written or executed automatically by the skill itself.
Credentials
The skill requests no environment variables or credentials, which is low-risk. But this also increases incoherence: automatic posting to a WeChat draftbox would normally require account credentials or a browser/session automation mechanism. The lack of any declared credential requirement is unexplained and warrants clarification.
Persistence & Privilege
Flags show default behavior (not always: true). The skill is user-invocable and can be invoked autonomously (platform default), but it does not request elevated persistence or modify other skills/settings.
What to consider before installing
This skill is suspiciously vague: it promises automatic delivery into the WeChat draftbox but gives no concrete method for doing so and requests no credentials. Before installing or using it, ask the author: (1) Exactly how are drafts uploaded to the WeChat backend — via official API, browser automation, or manual copy/paste? (2) If automation is used, what credentials/sessions are required and where are they stored? (3) Does the skill ever send content to external endpoints or third parties? (4) Will you need to install browser automation tooling (e.g., a browser extension, puppeteer) or provide cookies/session tokens? If the developer cannot clearly explain the upload mechanism and where credentials remain, treat the skill as a conceptual helper (manual workflow) rather than an automated publisher, and do not grant any account credentials or enable autonomous invocation. If you need true automated posting, require an implementation that documents authentication flow, credential storage, and network endpoints for review.

Like a lobster shell, security has layers — review code before you run it.

latest vk97bar0nm8q3h6b0bnv6c4eapx84pyaf
91 downloads
0 stars
1 version
Updated 2w ago
v1.0.0
MIT-0

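AUTO PUB (Auto Publish)

A safety-first, semi-automatic publishing workflow for WeChat Official Accounts

Core idea

AI drafts the article → draft box → human confirmation → one-click publish

Fully traceable end to end, with zero risk of accidental publication.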


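Workflow

[AI generates the article content]
       ↓
[Automatically delivered to the Official Account draft box]
       ↓
[Author logs in to the Official Account admin console to review]
       ↓
[Confirm and publish / edit, then publish]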

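Features

  • Automatic draft delivery: once article content is received, a draft is generated automatically and pushed to the Official Account draft box
  • Human final check: every article is confirmed by a person, which rules out accidental publication
  • Zero-cost integration: no third-party API is needed, and there is no dependency on any external paid service
  • Risk isolation: draft-box mode = never broadcasts directly
  • Upgradable architecture: once WeChat opens the API, it can be upgraded smoothly to fully automatic publishing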

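Use cases

| Scenario | Description |
| --- | --- |
| Official Accounts that publish daily or weekly | AI improves writing efficiency; a human controls quality |
| Corporate brand accounts | Content must be reviewed before it is published; compliant and safe |
| Operators worried about AI publishing directly | The draft box is the last safety valve |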

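Current capability boundaries

| Can do | Cannot do yet |
| --- | --- |
| AI writes articles | Automatic image selection (done manually in the draft-box editor) |
| Deliver articles to the draft box | Automatic typesetting (the draft-box format painter is recommended) |
| Remind the user to publish | Direct automatic broadcast (WeChat has not opened the API) |
| Multi-style content generation | Replying to comments / private messages |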

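Future upgrade roadmap

Current version: AI drafts → draft box → human publishes
    ↓ WeChat opens the API
Next version: AI drafts → automatic publishing (automatic or manual, selectable)
    ↓ More capabilities
Final version: fully automatic operations assistant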

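Security statement

This skill will not automatically perform any broadcast operation. Every article must be manually confirmed by a person logged in to the WeChat Official Accounts Platform before it is published. The author always retains final control over publication.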


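Intended users

  • Official Account operators (individuals / enterprises / media)
  • Editors who want AI to improve efficiency but do not want to give up control of content review
  • Accounts with high requirements for publishing accuracy

Version: v1.0 | Under continuous iteration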
