ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wechat-mick

v1.0.1

总结微信公众号文章内容。当用户提供微信公众号文章链接(mp.weixin.qq.com)并要求总结、概括、摘要、快速了解文章内容时使用此 skill。也适用于用户说"帮我看看这篇文章讲什么"、"这篇公众号文章说了啥"、"总结一下这个链接"等请求。只要看到 mp.weixin.qq.com 的链接并且用户想了解内容...

0· 219·0 current·0 all-time
by@mick2458pan·duplicate of @mick2458pan/wechat-summary2
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
The name/description target mp.weixin.qq.com articles and both SKILL.md and scripts/fetch_article.py implement logic to fetch title/author/content from WeChat article pages — the requested behavior is appropriate for the stated purpose.
Instruction Scope
SKILL.md restricts use to WeChat article links and prefers WebFetch, with a fallback to running the included Python script. The fallback script issues an HTTP GET to the provided URL and prints extracted text. Note: the script will fetch whatever URL it is given (it does not validate hostnames), so if invoked with non-wechat URLs it will make outbound requests to those addresses.
Install Mechanism
No install spec — instruction-only with a small included Python script. No downloads from external installers or archives. The script depends on the 'requests' Python package, but nothing is installed by the skill itself.
Credentials
The skill requests no environment variables, credentials, or config paths. Its runtime behavior (HTTP GET of the user-provided link) is proportionate to summarizing an article.
Persistence & Privilege
always is false and the skill does not request persistent or elevated platform privileges or modify other skills. It runs only when invoked.
Assessment
This skill appears coherent and implements its stated purpose. Before installing, note: - The skill will run a bundled Python script as a fallback which issues an HTTP GET to the URL you provide; ensure you only ask it to fetch links you trust. The script does not validate hostnames and could fetch any reachable endpoint if given a different URL. - The environment running the skill must have Python and the 'requests' library available, otherwise the script fallback will fail. - No credentials or secrets are requested by the skill. If you need to be extra cautious, review the included fetch_article.py file yourself; it contains straightforward HTML extraction logic and no obfuscated or remote-control behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk9732pdwmt4mp61kj6av0bck4582r9kpwechatvk9732pdwmt4mp61kj6av0bck4582r9kp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments