Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Article Digest

v1.0.0

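Fetches, categorizes, and generates daily digests of WeChat Official Account articles. Triggers when the user sends an Official Account article link (mp.weixin.qq.com) or says "article daily report", "today's reading", "categorize these", "organize the articles", or "help me take a look at this article". Also used to automatically fetch summaries and categorize articles when the user forwards article links in day-to-day use.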

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The SKILL.md clearly implements WeChat article fetching, tagging, summarization, and appending entries to memory files — which matches the description. One inconsistency: the runtime instructions call curl and python3 (via exec), but the skill metadata lists no required binaries. Either the environment must already provide curl/python3 or the metadata should declare them.
Instruction Scope
Instructions are narrowly scoped to fetching mp.weixin.qq.com article pages, extracting title/author/body, generating summaries and tags, and writing per-day markdown files in memory/. This matches the purpose. Items to be aware of: the skill executes shell commands (curl) and a Python extraction snippet, and it writes full article text into memory/YYYY-MM-DD.md — that is expected but means fetched content will persist in agent memory.
Install Mechanism
There is no install spec or downloaded code; the skill is instruction-only, so nothing is written to disk by an installer. This is the lowest-risk install model.
Credentials
The skill requests no environment variables, credentials, or external configuration paths. All required actions (HTTP fetch, local parsing, memory write) are proportional to its purpose.
Persistence & Privilege
always is false and the skill writes only to its own memory/YYYY-MM-DD.md files as described. It does not request elevated or system-wide privileges. Note: allowed-tools includes exec, read, write, edit which permits running commands and modifying agent memory — appropriate for this skill but worth confirming you are comfortable with those tool permissions.
Assessment
This skill appears to do what it says: scrape mp.weixin.qq.com article pages, extract title/author/body, generate a 1–2 sentence summary and 1–2 tags, and append the record to memory/YYYY-MM-DD.md for daily reports. Before installing, consider: (1) Ensure the agent environment has curl and python3 available (the SKILL.md uses them but metadata doesn't list required binaries). (2) Be aware fetched article contents are stored in memory files — if you forward private or sensitive links, their contents will be persisted. (3) The skill executes shell and Python commands (via exec); run in a trusted/sandboxed agent if you have concerns about executing commands in your environment. (4) Scraping WeChat pages may sometimes fail or return obfuscated content; the skill's regex-based extraction is brittle. If any of these are unacceptable, ask the publisher to declare required binaries, to avoid exec usage, or to change storage behavior before enabling the skill.
