Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wechat Tutorial Editor Publisher
v1.0.0 · Imitates the author's writing style to write tutorial-style WeChat Official Account articles, outputs a Markdown file, and publishes it to the WeChat Official Account draft box with one click.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence

Purpose & Capability
The skill claims to publish to WeChat (wenyan-cli) which legitimately requires WECHAT_APP_ID/WECHAT_APP_SECRET, and the included scripts do use those. However the registry metadata declared no required env vars or primary credential, which is inconsistent. The SKILL.md also instructs storing credentials in various places (TOOLS.md and an assets/console.json suggestion) but the actual scripts read TOOLS.md — mismatch between claimed requirements and what the code expects.
Instruction Scope
SKILL.md tells the agent/user to run npm init/npm install and start a local server that collects personal info and uploads images to local skill directories; that part is coherent with collecting article assets. However, SKILL.md also instructs the user to 'md5 encrypt' the AppId/AppSecret and save them in the skill assets (console.json) for later auto-decrypt, yet no code in the repo implements such encryption/decryption. The runtime instructions reference reading $HOME/.openclaw/workspace/TOOLS.md for credentials, which differs from the console.json guidance. This inconsistent guidance about where/how secrets are stored is a scope creep / coherence problem.
Install Mechanism
There is no formal install spec, but publish.sh will auto-install wenyan-cli via 'npm install -g @wenyan-md/cli' if missing. Global npm installs are traceable to the public registry (not a raw download), but automatic global installs can alter the host environment unexpectedly. No remote or obfuscated download URLs are used in the repo itself; the included package.json and package-lock.json reference common npm packages (express, multer, cors, fs-extra).
Credentials
The functionality legitimately needs WECHAT_APP_ID and WECHAT_APP_SECRET, and the publish scripts read them from TOOLS.md or environment variables. However the skill metadata did not declare them as required, and SKILL.md's recommendation to store user-supplied AppId/AppSecret md5-encrypted inside the skill's assets folder (console.json) is insecure and inconsistent with the scripts (which read TOOLS.md). MD5 is not encryption; storing credentials in the skill directory is poor practice and increases risk of accidental exposure.
Persistence & Privilege
The skill is not 'always: true' and does not request elevated platform privileges. The included server is local (binds to localhost:3000) and files are written into the skill's assets and files directories; scripts also may perform a global npm install. It does not modify other skills or system-wide agent settings. This is normal for a local publishing helper.
What to consider before installing
This skill appears to be what it says (a frontend + helper scripts that wrap wenyan-cli to publish WeChat articles), but there are inconsistencies and insecure suggestions you should address before running it:
- Do not follow the SKILL.md advice to 'md5 encrypt' and store AppId/AppSecret inside the skill directory. MD5 is not encryption; storing secrets in the skill folder risks accidental leakage. Prefer exporting WECHAT_APP_ID and WECHAT_APP_SECRET as environment variables or keeping them in a secure credential store.
- The metadata did not declare required env vars, but publish.sh and setup.sh expect WECHAT_APP_ID/WECHAT_APP_SECRET in $HOME/.openclaw/workspace/TOOLS.md or as env vars. Verify and set credentials manually (or use the setup.sh which reads TOOLS.md) before running publish.sh.
- Inspect publish.sh and setup.sh yourself (they are included in the skill) before executing them. publish.sh may auto-install wenyan-cli globally (npm install -g), which changes your system environment. If you want to avoid global installs, install wenyan-cli manually or run in an isolated environment (container / VM / dedicated machine user).
- The included server (server.js) listens on localhost:3000 and saves uploaded personal info and images into the skill's assets/files directories. That is local-only in the code, but if you expose the port or run on a networked host be aware uploads are stored on disk. Run it locally and restrict network exposure.
- Confirm the wenyan-cli project referenced (https://github.com/caol64/wenyan-cli) is the intended upstream before installing. The publish action will contact WeChat APIs — verify the IP whitelist and credentials are correct.
- Because SKILL.md and the scripts disagree about where credentials are stored (TOOLS.md vs console.json), pick one safe approach and remove unused credential-storage instructions from the skill files to avoid confusion.
If you are not comfortable with these inconsistencies or storing credentials, consider running the skill in an isolated environment or decline installation until the author fixes the metadata/instructions and removes the insecure credential-storage guidance.

latest · vk971421cyjs0s5498bm3na666n83z4vx
Runtime requirements: Clawdis
