Skill v1.0.0

ClawScan security

WeChat Articles Reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 9, 2026, 10:30 AM
Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary
The skill's code matches its description (it uses Playwright + Chrome to evade WeChat bot checks), but there are instruction-level inconsistencies and privacy-sensitive behavior (mandatory screenshot) that merit caution before installing.
Guidance
This skill appears to do what it claims (fetch and screenshot WeChat articles by evading anti-bot checks). Main concerns: (1) the SKILL.md mandates always sending a screenshot — that can leak images of pages that may include private or sensitive information, even if the user didn't ask for an image; (2) the code performs filesystem searches to locate node modules (normal for dependency resolution, but it reads local paths); and (3) the skill author and homepage are unknown. Before installing: review the two included scripts yourself, consider running the skill in an isolated environment, and/or modify the SKILL.md to make screenshotting opt-in (or require explicit user consent before sending images). If you will run this in a production/chat environment, prefer a manual confirmation step before sending screenshots and ensure the host has only the minimum necessary access.

Review Dimensions

Purpose & Capability
note: Name/description align with included scripts: both fetch text and capture screenshots from mp.weixin.qq.com using playwright-core and a local Chrome binary. The included code intentionally hides automation fingerprints to bypass WeChat bot checks — this is coherent with the stated goal.
Instruction Scope
concern: SKILL.md instructs the agent to always run fetch, to 'Never skip the screenshot', and to send the screenshot via message(action=send). That forces transmission of rendered page images (which may contain PII or sensitive content) even when the user didn't request an image. The SKILL.md also contains a contradictory statement earlier (the recommended workflow says the screenshot is optional), creating ambiguity about when images are required. Scripts also run filesystem searches (execSync with find) to locate playwright-core, which reads local paths and may reveal system layout — this is explainable for dependency discovery but worth noting.
Install Mechanism
ok: No remote install/downloads or extract steps; this is an instruction-only skill with two included Node scripts. Dependencies are local Chrome/Chromium and playwright-core, which the SKILL.md instructs the operator to install manually. No external archives/URLs are fetched by the skill itself.
Credentials
ok: The skill requests no environment variables, no credentials, and no config paths. Its use of local binaries (Chrome) and node modules (playwright-core) is proportionate to the task. The scripts do reference HOME and NVM_DIR when searching for modules, which is reasonable for locating node modules but does touch local environment values.
Persistence & Privilege
ok: The skill is not always-enabled, does not request elevated persistence, and does not alter other skills or system-wide settings. It runs only when invoked.