wechat-mp-publisher
WarnAudited by ClawScan on May 10, 2026.
Overview
The skill is coherent for WeChat publishing, but it forwards WeChat account secrets and article content to a remote MCP endpoint that is documented as plain HTTP with optional authentication, and its credential-storage claims are inconsistent.
Use this skill only if you control or fully trust the remote MCP server. Configure HTTPS and authentication, understand that your WeChat AppSecret and article content are sent to that server, store wechat.env securely, and confirm each publish action before running it.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote MCP server that receives these credentials may be able to act on the user's WeChat Official Account, including creating or managing publishable draft content.
The script forwards the WeChat App Secret to the remote MCP publish method. This is high-impact delegated account authority, while the registry metadata declares no primary credential or required environment variables.
--arg app_secret "$WECHAT_APP_SECRET" ... mcporter call wenyan-mcp.publish_article --config "$MCP_CONFIG_FILE" --args "$PUBLISH_ARGS"
Use only a trusted/self-hosted MCP server, document the credential requirement clearly, prefer short-lived or least-privilege credentials where possible, and rotate the AppSecret if exposure is suspected.
Credentials and unpublished article content could be exposed to the network path or to an untrusted MCP endpoint.
The documented MCP connection uses plaintext HTTP to a remote server and makes authentication optional, while the workflow sends article content and WeChat credentials through that MCP channel.
"transport": "sse", "url": "http://<your-remote-server-ip>:3000/sse", "headers": { "X-API-Key": "<optional-api-key>" }Require HTTPS, strong authentication, and a trusted server for the MCP endpoint before sending account credentials or unpublished content.
Users may underestimate where their WeChat credentials are stored and how they are transmitted.
This safety claim conflicts with the provided setup flow that tells users to create a local wechat.env containing WECHAT_APP_ID and WECHAT_APP_SECRET, which may mislead users about credential persistence.
敏感凭证 (AppID/Secret) 仅在运行时传递,不落地存储。
Correct the documentation to state exactly where credentials are stored, when they are sent to the remote MCP server, and how users should protect or delete them.
If invoked with the wrong file, account, or server configuration, the agent could upload unintended content to the WeChat account draft workflow.
The skill intentionally lets the agent perform the upload/publish workflow automatically once invoked. This matches the purpose, but it is still a high-impact action on a third-party account.
我会自动: 1. 读取 `wechat.env` 获取凭证 2. 检查本地环境 (`mcporter`, `jq`) 3. 调用远程 MCP 完成发布
Before publishing, confirm the Markdown file, target account/server, theme, and whether the result is draft-only or public.