Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
wx-mp-push
v1.0.0自动化微信公众号文章发布,通过 API 创建和管理文章草稿,支持 Markdown 和 HTML 两种输入格式,自动 MD→HTML 转换,支持封面图和正文图片自动上传。用于:发布文章到公众号、创建内容草稿、自动化内容工作流、或设置定时发布系统。
⭐ 0· 64·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with what is provided: a Python script that converts Markdown to WeChat-friendly HTML, manages access tokens, uploads images, and creates drafts via the WeChat API. The required credentials (AppID/AppSecret) are stored in a local config.json file, which is proportionate to the stated functionality.
Instruction Scope
Runtime instructions and the script will scan HTML for <img> src attributes and will open/read local files (relative or absolute) referenced there and upload them to WeChat. Because user-supplied HTML can include arbitrary local paths, this behavior could cause inadvertent reading and uploading of sensitive local files. The docs are also inconsistent about handling external URLs (some places say external URLs are kept, other examples imply external images may be uploaded), increasing risk of unexpected network I/O.
Install Mechanism
No install spec; the skill is instruction + script only. It uses Python and a single dependency (httpx) which is reasonable and low-risk compared with arbitrary downloads.
Credentials
No platform environment variables are requested. Secrets are expected in config.json (appId/appSecret). That is proportionate, but storing AppSecret in a plaintext config file and the script caching tokens under .tokens should be noted as a local secret storage decision that the user must manage securely.
Persistence & Privilege
Skill is not always-enabled and is user-invocable (normal). However, because the script can read local files referenced by content and upload them externally, allowing autonomous invocation or running in an environment with sensitive files increases the blast radius; consider invocation controls and sandboxing.
What to consider before installing
This skill appears to implement the advertised WeChat article-publishing features, but proceed with caution: 1) It expects you to put AppID/AppSecret into config.json — keep that file private and do not check it into source control. 2) The publish script will scan article HTML for <img src="..."> and will open local files (relative or absolute) and upload them to WeChat; if the HTML contains paths to sensitive files (e.g., /etc/… or other local secrets) those files could be read and sent to an external service. Don't run this on machines containing sensitive data unless you inspect the code and control the content it processes. 3) Documentation has contradictions about handling external URLs — verify whether external remote images are fetched and re-uploaded. 4) Review the script (publish_article.py) yourself, run it in an isolated environment (or with a test account) first, and restrict where config.json and the token cache are stored. If you want a safer setup, provide only sanitized content (no absolute paths), or run the tool in a container with limited filesystem visibility and network access. If you want, I can point out specific lines in publish_article.py that perform file reads and uploads so you can inspect them more closely.Like a lobster shell, security has layers — review code before you run it.
latestvk97f60ex0emvfhcnmjpcsjpep183psf7
License
MIT-0
Free to use, modify, and redistribute. No attribution required.