Skill v2.0.3
ClawScan security
Wechat Mp Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Review · Mar 14, 2026, 10:25 AM
- Verdict: Review
- Confidence: medium
- Model: gpt-5-mini
- Summary: The code and runtime instructions implement a legitimate WeChat MP publisher, but the package metadata omits required credentials and provenance is unclear — check credentials, provenance, and run in a sandbox before use.
- Guidance: This package appears to implement exactly what it claims (WeChat MP article publishing) and legitimately needs your WeChat AppID and AppSecret, but the registry metadata omitted those required credentials and the package source/homepage are not provided. Before installing or granting access:
  1. Verify the source/owner (unknown homepage) and prefer packages with known provenance.
  2. Provide credentials via environment variables (WECHAT_MP_APP_ID / WECHAT_MP_APP_SECRET) rather than committing a config file.
  3. Inspect the included code yourself or run npm install/build in an isolated environment (container or dedicated VM).
  4. Confirm you are comfortable that the token cache is stored under ~/.openclaw and that the file permissions are acceptable (the code attempts 0o600/0o700).
  5. If you only need drafts (no publishing), use a non-authenticated account or limit privileges on the account used for automation.
  6. Because the metadata omitted required env vars, treat this as a transparency issue — ask the publisher/registry for corrected metadata and provenance before enabling this skill in production.
Review Dimensions
- Purpose & Capability (note): The skill's name, description, SKILL.md, and source files consistently implement WeChat Official Account article publishing (access token management, media upload, draft/publish/status operations). However, the registry metadata lists no required environment variables or primary credential while the code clearly requires AppID/AppSecret (via config file or environment variables). This mismatch is unexpected and should have been declared in the metadata.
- Instruction Scope (ok): Runtime instructions and code are scoped to the stated purpose: they read a local config file (~/.openclaw/config/wechat-mp.json) or environment variables for AppID/AppSecret, manage a local token cache (~/.openclaw/.wechat_mp_token.json), and upload files provided by the user. The code does not reference unrelated system paths or external endpoints beyond api.weixin.qq.com.
- Install Mechanism (ok): There is no install spec in the registry entry (instruction-only), but the bundle includes a standard Node.js project (package.json, package-lock.json) relying on axios and form-data. No downloads from untrusted URLs or extract-from-URL steps are present in the files provided. Installation risk is typical for a Node package; install in a controlled environment if uncertain.
- Credentials (concern): The code requires sensitive credentials (WECHAT_MP_APP_ID and WECHAT_MP_APP_SECRET) provided via config file or environment variables, which is proportionate to the functionality. The concern is that the registry metadata does not declare any required environment variables or primary credential — this omission is a transparency/provenance problem. The skill also writes a token cache file under the user's home directory (it uses restrictive permissions by default), which is expected but should be reviewed.
- Persistence & Privilege (ok): The skill does not request 'always: true' and does not attempt to modify other skills or global agent configuration. It stores a token cache and expects a user config under ~/.openclaw; these are normal for the functionality and are created under the user's home directory with permission checks in place.
