ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信公众号文章抓取

v1.0.0

Fetch complete content from WeChat public account articles (mp.weixin.qq.com). Use when extracting content from WeChat official account links, especially whe...

1· 64·0 current·0 all-time
by@ranhuang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill name and SKILL.md specifically target mp.weixin.qq.com articles, but the runtime script (weixin_fetch.py) accepts and fetches any http/https URL. validate_url only checks scheme and presence of a domain, not the domain value or whether the host is private/loopback. This mismatch is disproportionate to the stated purpose and enables requests to arbitrary hosts (including internal addresses).
!
Instruction Scope
SKILL.md instructs running the script with a WeChat article URL, which implies a narrow scope. However the code does not enforce that scope and will perform HTTP requests to any provided URL. The instructions do not warn about this expansion of scope or potential risks (e.g., accessing internal network services or metadata endpoints).
Install Mechanism
There is no install spec; the skill is instruction-plus-script. The included requirements.txt lists httpx, readability-lxml, and lxml — reasonable dependencies for HTML fetching and parsing. No third-party download URLs or extracted archives are present.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The code does not read environment secrets. This is proportionate to the declared purpose.
Persistence & Privilege
The skill does not request always:true and does not modify other skills or persistent system settings. It is user-invokable and can be invoked autonomously (platform default), which is normal and not by itself concerning.
What to consider before installing
This skill mostly does what it says (fetch and extract WeChat article HTML), but the included Python script will fetch any http(s) URL you pass it — not just mp.weixin.qq.com. That creates a potential SSRF/internal-network access risk (e.g., accessing 169.254.169.254, localhost, or other internal services) if an attacker or misconfigured agent supplies a URL. Before installing or using this skill: - Treat it as capable of making arbitrary outbound HTTP requests. Run it in a network-isolated/sandboxed environment if you will pass untrusted URLs. - Prefer a patched version that enforces an allowlist (e.g., require hostname endswith "mp.weixin.qq.com" or a configured set of domains) and rejects IP literals, localhost, and private RFC1918 addresses. - Consider adding hostname resolution checks and preventing connections to private/internal ranges. - Audit and pin the Python dependencies from PyPI before installing. If you only intend to fetch WeChat articles, request or make a small change: enforce domain validation in validate_url or wrap the script so only permitted hostnames are accepted.

Like a lobster shell, security has layers — review code before you run it.

latestvk978get8kn7p6zfcxca55ng3xx844nnw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments