Skill v1.0.0
ClawScan security
wechat-article-getter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Mar 10, 2026, 6:03 AM
- Verdict
- suspicious
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill mostly does what its name says (render WeChat pages with Playwright and extract text) but has several implementation mismatches and runtime behaviors that don't match the documentation and deserve caution before installing.
- Guidance
- This skill appears to implement a legitimate WeChat-article extractor, but there are implementation issues and runtime implications you should consider before installing:
  - The setup/install will download Python packages and a Chromium browser (~100–200MB) from the network and write them to your user cache/home. Expect a sizable download and disk usage.
  - The scripts call pip at runtime (subprocess.check_call). That is normal for bootstrapping Playwright, but it means the code will execute package installation commands; run this in a controlled environment (container or VM) if you are cautious.
  - The documented mirror fallback is misleading: the mirror search code uses httpx, but the setup script does not install httpx, and the fallback path in the main function does not provide the required title_hint, so automatic mirror fallback will generally fail. If you depend on that feature, review/patch the code (add httpx to the installs and pass a title hint).
  - The tool only performs HTTP(S) requests to the target article and configured mirror sites; it does not request credentials or exfiltrate arbitrary files. Still, test with non-sensitive URLs first.
  Recommendations: Inspect the scripts locally, run setup and fetch inside an isolated environment (Docker/container) if possible, and confirm the network/download behavior is acceptable. If you need the mirror fallback, modify setup.py to install httpx and fix the call that invokes _fetch_via_mirror so it supplies a title hint extracted from the page or metadata.
Review Dimensions
- Purpose & Capability
- note: Name/description match the included code: the Python scripts launch a headless Chromium via Playwright and extract WeChat article text. Required binaries (python3) are appropriate. However, SKILL.md describes a mirror-site fallback that references multiple aggregator sites, while the code's MIRROR_SITES list contains only two sites, a minor mismatch. Overall capability is coherent with the stated purpose.
- Instruction Scope
- concern: SKILL.md tells the agent/user to run scripts/setup.py, which will install Playwright and Chromium. The code will also attempt to pip-install playwright and beautifulsoup4 at runtime if Playwright is missing. Those install steps perform network downloads and write a browser to the user's home directory. The documented fallback behavior is misleading: _fetch_via_mirror requires a title_hint (and uses httpx), but fetch_wechat_article calls _fetch_via_mirror(url) without a title hint, so the automated fallback is effectively broken. The scripts only access network endpoints for the target article and mirror sites and do not access unrelated system files or credentials.
- Install Mechanism
- note: No install spec in registry (instruction-only), but the included setup.py and runtime installers call pip and Playwright to download Python packages and Chromium (~100–200MB). These downloads come from the Playwright/pip ecosystems (standard but large). This is higher friction and writes sizable files to disk, but it is expected for a headless-browser scraper. No unusual or personal-server download URLs are used in the provided code.
- Credentials
- ok: The skill requests no environment variables, no credentials, and no privileged config paths. It does not attempt to read system secrets. The lack of required env vars is appropriate for the stated purpose.
- Persistence & Privilege
- ok: always:false, and no code that modifies other skills or system-wide agent configuration. The script writes an explicit output file only when an --output path is provided. It does install browser artifacts under the user's cache/home directories, which is expected for Playwright but not a privilege escalation.
