WeChat Tietu Draft
v1.0.0创建微信公众号贴图类型草稿的自动化工具。专门用于创建简化界面的贴图草稿(只有标题和正文),适合图片为主的内容。使用触发词"发布贴图草稿"、"创建贴图草稿"、"贴图草稿"、"微信公众号贴图"或"贴图类型草稿"激活。提供统一入口脚本(skill_main.py)进行状态感知的全流程管理。
⭐ 0· 143·0 current·0 all-time
by@punkin6
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: the scripts exclusively operate on a local Chrome DevTools (CDP) endpoint to create WeChat mp drafts from a .txt file. Required tools (Chrome, Python, websockets package) and behavior (opening a Chrome debugging port, reading .txt, navigating mp.weixin.qq.com, extracting token from page URL) are appropriate for the stated goal.
Instruction Scope
Runtime instructions stick to the declared purpose: validate a .txt, ensure Chrome/CDP is available, connect to the local DevTools websocket, navigate to create a draft, and save logs/screenshots locally. Note: the skill will capture and write a PNG screenshot of the page (mp_login_screenshot.png) and connects to any open Chrome pages via CDP—this is expected for the task but can expose page content if sensitive tabs are open.
Install Mechanism
Instruction-only with a minimal requirements.txt (websockets). No remote download/install from arbitrary URLs, no archive extraction, and no package installs beyond standard pip usage — proportional to the task.
Credentials
No external credentials or unrelated environment variables are requested. The code reads the input .txt, may use TIETU_MAX_WAIT and a CDP port env var if set, and intentionally clears proxy-related env vars in-process to avoid SOCKS issues. It extracts the WeChat token from the page URL (necessary to create the draft) — this is consistent with the skill's purpose.
Persistence & Privilege
Skill does not request permanent/always-on presence and defaults to normal, user-invocable behavior. It writes logs and a screenshot into its directory when run (expected), but does not modify other skills or global agent configs.
Assessment
This skill appears to do what it says, but before running code from an unknown source you should: (1) inspect the files locally (you already have them); (2) run in an isolated environment or Python virtualenv; (3) launch it only with a dedicated Chrome profile or user-data-dir so it doesn't have access to other browser sessions; (4) be aware the script connects to your local Chrome DevTools and can read page contents and take screenshots — avoid leaving other sensitive pages/tokens open in that Chrome instance; (5) note it writes mp_login_screenshot.png and skill.log to the skill directory; (6) install the websockets dependency in a virtualenv and run the entrypoint (skill_main.py) per the README. If you are uncomfortable with local CDP access or unreviewed code, review the full source or run it in a sandboxed VM.Like a lobster shell, security has layers — review code before you run it.
latestvk97bzt7hek91rd1jzxxc5qk8t18346w4
License
MIT-0
Free to use, modify, and redistribute. No attribution required.