wechat-pack
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a purpose-built local document packager, but it can download image URLs and copy referenced local files into the publish folder, so users should review outputs before publishing.
This skill looks coherent for converting local documents into WeChat-ready HTML. Before installing or using it, be aware that it can download image URLs and copy files referenced by the source document into the generated publish folder; review those generated files before publishing.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A document with external or local image references can cause network requests or copy referenced local files into the publish folder before the user publishes it.
When processing a document, the script automatically downloads remote image URLs and copies existing local file paths referenced in image tags into the output assets directory.
if src.startswith("http://") or src.startswith("https://"):
local_path = _download_url(src, assets_dir)
...
shutil.copy2(candidate, dest)Use this skill on documents you trust, and inspect the generated `assets/`, `cover/`, and `wechat/article.html` files before pasting or publishing in WeChat.
Docx conversion depends on whichever `pandoc` executable is installed on the user’s system PATH.
The skill relies on an external PATH-resolved pandoc binary for .docx conversion, while the registry metadata declares no required binaries.
For `.docx` conversion, `pandoc` must be available in `PATH`.
Install pandoc from a trusted source if using .docx input, and avoid running with an untrusted PATH configuration.