WeChat Official Account Publishing Tool
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This appears to be a legitimate WeChat publishing skill, but it can publish or delete account content and handle WeChat secrets without clear approval guardrails, without disclosing its credential requirements in the registry metadata, and without any implementation code available for review.
Only install this if you control the WeChat Official Account and are comfortable granting write/publish authority. Review the actual implementation code before running npm install/build, store the app secret and token securely, and prefer draft mode plus manual approval before any public publishing.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent could submit an article to the WeChat Official Account's followers when the user expected a draft or review step.
Publishing to followers is an external, high-impact account action. Making immediate publishing the default, without documenting an explicit human confirmation or preview step, creates a material risk of unintended public posts.
- Publishing articles to followers - `publish` (boolean, optional): Whether to publish immediately (default: true). Set to false to save as draft.
Default to draft mode, require explicit user confirmation before publishing, and show a preview of the title, content, cover image, and target account before any public post.
Configuring the skill grants write authority over a WeChat Official Account, which may not be obvious from the registry metadata.
The app ID, app secret, and cached access token can authorize WeChat media upload, draft, publish, and delete operations. The registry metadata, however, declares no primary credential, required env vars, or config paths, so the account-level privilege requirement is under-disclosed.
```json
{
  "app_id": "your-wechat-app-id",
  "app_secret": "your-wechat-app-secret",
  "access_token_cache_file": "~/.openclaw/.wechat_mp_token.json"
}
```
Declare the credential and config requirements, document the exact account permissions needed, store secrets securely, and use the least-privileged WeChat account/API configuration available.
Users may need to run unreviewed npm/local project code to make the skill work, even though that code would handle WeChat credentials and public account mutations.
The reviewed artifact set contains only SKILL.md and no install spec or code files, yet the skill instructs users to install/build a local npm project and references source files not present in the manifest. That leaves the credential-handling and publishing implementation unreviewed.
```shell
cd /Users/zhizi/.openclaw/workspace/agents/dev-team/projects/active/wechat-mp-publisher
npm install
npm run build
```
Publish the actual source files, package metadata, and lockfile with the skill; add a clear install spec with pinned dependencies; and avoid absolute developer-machine paths.
