Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

jike-wechat-writer

v1.0.1

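Provides end-to-end guidance for writing WeChat Official Account articles, covering topic discovery, style analysis, body writing, image strategy, and applying layout styles.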

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The declared purpose (WeChat article creation: topic discovery, style analysis, writing, image strategy, rendering) aligns with the included scripts (writer.py and render.py) and reference docs. The scripts legitimately call an external API for trend/search/style/image capabilities and render local Markdown to HTML, which fits the stated functionality. However, the skill metadata in the top-level registry claims no required env vars/binaries while SKILL.md's embedded metadata requires python3 and a primaryEnv of 100CITY_API_KEY — an inconsistency between what the skill says it needs and what the registry lists.
Instruction Scope
Instructions direct the agent to run the included Python scripts, read and write local files (MEMORY.md, article .md files, scripts/config.json), call web_fetch for external content, and only perform image generation/search via writer.py. All of those are coherent with an authoring workflow. The policy that the skill must stop if the API key is not configured is explicit. Nothing in SKILL.md instructs reading unrelated system files, but it does require the agent to use file read/write operations and to call external APIs — expected, but material to user privacy and network use.
Install Mechanism
No install spec is present; the skill is instruction + included Python scripts. That minimizes installer risk (no arbitrary installers/downloads). The scripts are pure Python and use only stdlib (urllib, json, etc.).
Credentials
The runtime requires an API key (100CITY_API_KEY) and optionally 100CITY_BASE_URL (or config.json). Requesting a single service API key is proportional to the described remote capabilities. But the top-level registry incorrectly lists no required env vars while SKILL.md explicitly names 100CITY_API_KEY as primaryEnv — this metadata mismatch is concerning. The default base_url in config.json is https://gin-test.100.city/api and asset hosts referenced in styles/render are external (e.g., qiniu-cloud.dso100.com, file.dso100.com). Those domains are not documented in the skill description; you should verify the legitimacy of the 100.city service and the external asset hosts before supplying credentials.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or system-wide settings. It will read and write files within the skill directory (styles/, MEMORY.md, article .md), which is expected for this workflow. It does record theme IDs and style reports into MEMORY.md per instructions — that is local persistence for the skill's purposes.
What to consider before installing
This skill appears to implement the advertised WeChat-article workflow, but take these precautions before installing or entering secrets:

- Metadata mismatch: the registry claims no required env vars/binaries, but SKILL.md and the scripts require python3 and an API key named 100CITY_API_KEY. Treat that mismatch as a red flag: ask the publisher/maintainer to clarify and correct the metadata.
- Verify the API host: the default API base_url is https://gin-test.100.city/api (and scripts will call that service). Confirm that the 100.city service (and the 'gin-test' host) is legitimate and that you trust it with any API key you provide. If unsure, do not provide any production credentials.
- Use a scoped or throwaway key first: if you want to test, create a limited-scope API key or a test account, not a high-privilege or production credential. The scripts use the key as a Bearer token for API calls.
- Inspect network activity: the scripts contact external services (API host and some asset hosts like qiniu-cloud.dso100.com and file.dso100.com). If you run the skill, do so in a network-monitored or sandboxed environment first to observe outbound endpoints.
- Review file writes: the skill reads/writes MEMORY.md and article .md files and may save themes under styles/. If you have sensitive local files named MEMORY.md in your environment, ensure they are appropriate for the skill to read.
- If you need higher assurance, ask the publisher for provenance (who published it), a canonical homepage/repo, and confirmation that the base_url and asset hosts are official. Correcting the registry metadata (declared required env vars and binaries) would significantly raise confidence.

Given the above, proceed cautiously: the code itself does not show clear exfiltration of arbitrary files, but the external API endpoints and metadata inconsistencies justify further verification before granting credentials or enabling the skill broadly.

Like a lobster shell, security has layers — review code before you run it.

latestvk972eswystr4ryddsdk8r5hb1d83x6vb
