Skill v3.1.3

ClawScan security

微信公众号自动发布增强版 (WeChat Official Account Auto-Publish, Enhanced Edition) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Reviewed: Mar 13, 2026, 8:18 AM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code and runtime instructions match its stated purpose (publishing to WeChat) but the package metadata omits the fact that it requires WeChat credentials (APPID/APPSECRET), an inconsistency users should be aware of before installing.
Guidance
This skill appears to implement exactly what it claims — a WeChat article publisher — and the included Python file shows network calls only to the official WeChat API (api.weixin.qq.com). However, the package metadata did not declare the required WECHAT_APPID/WECHAT_APPSECRET even though SKILL.md and the script ask for them. Before installing or providing credentials:

- Inspect the included wechat_publish.py (already provided) to confirm there are no unexpected remote endpoints or obfuscated code (the file calls only api.weixin.qq.com).
- Only provide your APPID/APPSECRET to skills you trust; consider using a limited or test WeChat account first.
- Use the script's --dry-run (or run locally) and avoid putting credentials into untrusted shared environments.
- Confirm network calls go to api.weixin.qq.com (monitor outgoing connections if possible).

I rated this 'suspicious' because of the metadata omission regarding required credentials; that omission could be an innocent packaging error but is worth double-checking. If you find other required env vars, remote installers, or non-WeChat endpoints in the code, that would raise the severity.

Review Dimensions

Purpose & Capability: ok
Name, description, SKILL.md and the included wechat_publish.py all consistently implement a WeChat article publisher (upload image, convert Markdown to HTML, create draft via api.weixin.qq.com). The requested capabilities (WeChat APPID/APPSECRET, reading article/cover files) are proportionate to the stated purpose.

Instruction Scope: note
SKILL.md instructs the agent/user to set WECHAT_APPID/WECHAT_APPSECRET and to provide article and cover file paths. Instructions stay within publishing scope and do not request unrelated system data. Minor note: SKILL.md and README suggest copying a .env file and adjusting the IP whitelist, which is expected for WeChat API usage but grants the skill network access to the WeChat endpoints.

Install Mechanism: ok
No install spec — instruction-only with a single included Python script. No downloads from external or untrusted URLs and no archive extraction. Risk from installation is low; execution will run the included script using local Python and the requests library (standard behavior).

Credentials: concern
SKILL.md requires WECHAT_APPID and WECHAT_APPSECRET, and the code uses appid/appsecret to obtain an access_token — this is appropriate for the purpose. However, the registry metadata lists no required environment variables or primary credential, which is an inconsistency (the skill asks for sensitive credentials but the package metadata does not declare them). Users should treat this omission as a packaging mistake at minimum and verify before providing credentials.

Persistence & Privilege: ok
The skill does not request always:true and does not modify other skills or system-wide settings. It simply runs as a script and communicates with api.weixin.qq.com. No elevated persistence or privileged system-wide access is requested.