wechat-mp-publisher
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: wechat-mp-publisher Version: 2.0.2 The skill is classified as suspicious due to the inherent risk of transmitting sensitive WeChat credentials (AppID and AppSecret) to a user-configured remote server (wenyan-mcp) as part of its core functionality, which relies heavily on the trustworthiness of that remote endpoint. While this is the stated purpose, it represents a significant trust boundary. Additionally, the `scripts/setup.sh` file contains a shell parsing vulnerability that could be exploited if the `TOOLS.md` file were maliciously crafted, and the `README.md` contains a misleading statement about credentials not being stored on disk, when they are present in `wechat.env`.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote MCP server that receives these credentials may be able to act on the user's WeChat Official Account, including creating or managing publishable draft content.
The script forwards the WeChat App Secret to the remote MCP publish method. This is high-impact delegated account authority, while the registry metadata declares no primary credential or required environment variables.
--arg app_secret "$WECHAT_APP_SECRET" ... mcporter call wenyan-mcp.publish_article --config "$MCP_CONFIG_FILE" --args "$PUBLISH_ARGS"
Use only a trusted/self-hosted MCP server, document the credential requirement clearly, prefer short-lived or least-privilege credentials where possible, and rotate the AppSecret if exposure is suspected.
Credentials and unpublished article content could be exposed to the network path or to an untrusted MCP endpoint.
The documented MCP connection uses plaintext HTTP to a remote server and makes authentication optional, while the workflow sends article content and WeChat credentials through that MCP channel.
"transport": "sse", "url": "http://<your-remote-server-ip>:3000/sse", "headers": { "X-API-Key": "<optional-api-key>" }Require HTTPS, strong authentication, and a trusted server for the MCP endpoint before sending account credentials or unpublished content.
Users may underestimate where their WeChat credentials are stored and how they are transmitted.
This safety claim conflicts with the provided setup flow that tells users to create a local wechat.env containing WECHAT_APP_ID and WECHAT_APP_SECRET, which may mislead users about credential persistence.
敏感凭证 (AppID/Secret) 仅在运行时传递,不落地存储。
Correct the documentation to state exactly where credentials are stored, when they are sent to the remote MCP server, and how users should protect or delete them.
If invoked with the wrong file, account, or server configuration, the agent could upload unintended content to the WeChat account draft workflow.
The skill intentionally lets the agent perform the upload/publish workflow automatically once invoked. This matches the purpose, but it is still a high-impact action on a third-party account.
我会自动: 1. 读取 `wechat.env` 获取凭证 2. 检查本地环境 (`mcporter`, `jq`) 3. 调用远程 MCP 完成发布
Before publishing, confirm the Markdown file, target account/server, theme, and whether the result is draft-only or public.