WeChat Article Creator
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill is coherent for creating WeChat article drafts, but it uses WeChat developer credentials and can add drafts to the account, so review outputs before publishing.
Install only if you are comfortable providing WeChat Official Account developer credentials. Use it for explicit drafting tasks, keep WECHAT_SECRET protected, and review any generated draft in WeChat before publishing.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill can use the configured WeChat developer credentials to act against the associated official account API.
The skill requires WeChat Official Account developer credentials, which are sensitive account-level secrets. This is purpose-aligned for creating drafts, but users should understand the account authority being granted.
需要配置微信公众号开发者凭据: ... WECHAT_APPID ... WECHAT_SECRET
Use credentials only for the intended WeChat account, keep the secret private, and rotate it if you no longer trust the environment where the skill ran.
Running the workflow may create article drafts in the WeChat official account.
The code includes a purpose-aligned API call that creates a WeChat draft. It does not publish content, but it can still mutate the account's draft state.
const url = `https://api.weixin.qq.com/cgi-bin/draft/add?access_token=${accessToken}`;Run it only for topics you intend to draft, inspect generated content in the WeChat backend, and manually review before publishing.