Wechat Tutorial Editor Publisher
Warn. Audited by ClawScan on May 10, 2026.
Overview
This skill mostly matches its WeChat publishing purpose, but it needs review because it handles WeChat account secrets unsafely and runs an unauthenticated local upload server.
Install only if you are comfortable giving the skill access to WeChat Official Account publishing credentials. Do not store the AppSecret in a console.json file or rely on MD5 for protection; use environment variables or a proper secret store. Run the local server only when needed, preferably bound to localhost, and review the article and images before publishing to the WeChat draft box.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If these secrets are mishandled, anyone with access to the files could potentially use the WeChat Official Account API to upload media or create drafts.
The skill requires WeChat AppID/AppSecret and instructs persistent local reuse of those account credentials, including a weak/incorrect MD5-based storage approach in the skill assets directory.
API credentials have been saved in `/Users/leebot/.openclaw/workspace/TOOLS.md` ... For the AppId and AppSecret the user sends you, save them MD5-encrypted in the assets directory under the current skill directory, creating a file named console.json ... next time you read them, decrypt them yourself.
Declare the WeChat credential requirement explicitly, use environment variables or a real secret manager, do not store AppSecret in the skill directory, and require user approval before reusing credentials.
A user may believe their WeChat credentials are safely protected when they are not.
Calling MD5 “encryption” and saying it can be decrypted is misleading; MD5 is not reversible encryption and is not appropriate protection for secrets.
Save the AppId and AppSecret MD5-encrypted ... next time you read them, decrypt them yourself.
Remove the MD5 storage instruction and document a safe credential flow using environment variables, a secrets vault, or user-supplied credentials per publish session.
While the server is running, an unexpected local-network client or malicious web page could submit or alter stored article/profile data used by the skill.
The server enables broad CORS, has unauthenticated POST endpoints, accepts file uploads, writes persistent local files, and listens on the configured port without a localhost-only binding shown.
app.use(cors()); ... app.post('/api/personal-info' ... writeFile(... 'personal-info.txt') ... app.post('/api/save-steps' ... writeJson(... 'steps.json') ... app.listen(PORT)
Bind the server to 127.0.0.1, restrict CORS to the local UI, add a random session token/CSRF protection, and enforce file type and size limits.
Installing the skill may cause npm to fetch and run code from the package registry with the user’s normal system privileges.
The publish script automatically installs an unpinned global npm CLI when missing. This is disclosed and central to the publishing purpose, but it adds third-party code execution risk.
if ! command -v wenyan ... npm install -g @wenyan-md/cli
Pin the CLI version, prefer a local project install over global install, and ask the user before installing missing dependencies.
Personal profile details and QR/contact images remain in the skill directory and may be reused in later generated content.
The skill intentionally stores personal profile text and images for later reuse in generated articles.
Collect the user's information and store it in the ./assets/personal-info.txt file and the ./assets/personal-imgs directory.
Review the stored assets periodically, delete old profile/images when no longer needed, and confirm before including them in published drafts.
