youmind-wechat-article
ReviewAudited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its WeChat article-writing purpose, but it can automatically push content into a WeChat draft account and optionally install another external skill, so users should review it before use.
Install this only if you want an agent to help manage WeChat Official Account drafts. Before using it, protect the config file containing AppSecret/API keys, run previews first, tell the agent not to publish unless you explicitly approve, and decline the optional Impeccable install unless you separately trust and review that external skill.
Findings (6)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A request to write or format an article could create a WeChat draft automatically, even if the user expected to review it first.
This directs the agent to perform a third-party account mutation without a final user approval checkpoint.
Always publish directly to WeChat drafts. Do NOT ask the user whether to publish — this step is mandatory and automatic.
Change the workflow so publishing requires explicit confirmation, and use local preview as the default until the user approves pushing to WeChat drafts.
Anyone or any agent run with access to the configured secrets may be able to create drafts or use the connected services.
The skill needs credentials that can access the user's WeChat Official Account API; this is expected for publishing but is sensitive authority.
Get WeChat AppID & AppSecret ... fill `wechat.appid` and `wechat.secret`
Protect `config.yaml`, use the least-privileged account/API access available, rotate keys if exposed, and confirm which WeChat account is configured before publishing.
A custom-theme request could add new code or instructions to the user's agent setup that were not part of this skill review.
The skill may install an additional external skill for theme design, using an unpinned source and a yes flag, which expands the agent environment beyond the reviewed package.
If user agrees, run: `npx skills add pbakaus/impeccable --yes`
Do not auto-install extra skills from this workflow; require a separate, explicit review and approval of the external skill and avoid `--yes` defaults.
Using the toolkit means trusting local command execution during formatting/preview operations.
The toolkit runs a local shell command for Mermaid support; the shown command is fixed and purpose-aligned, but it depends on the user's local PATH and installed tools.
execSync('mmdc --version', { stdio: 'pipe', timeout: 5000 });Run the toolkit in a trusted project environment and review installed dependencies and PATH tools before use.
Future articles may be shaped by stored edits, lessons, and client history, including any sensitive or low-quality examples placed there.
The skill persists learned style lessons and refreshes a playbook that can influence future writing outputs.
Every 5 accumulated lessons triggers a playbook refresh with `--summarize`.
Keep client corpora and lessons scoped to trusted material, periodically review or delete learned files, and avoid storing confidential drafts unless intended.
A long-running operation could continue in the background and later notify the user, which may be surprising if not clearly confirmed.
The documentation supports background subagents for long-running polling tasks; this is disclosed, but users should know work may continue outside the main chat turn.
the agent should: 1. Proactively spawn a subagent for the polling + extraction work
Ask before starting background agents, show status, and provide a way to cancel or avoid background processing.