ClawHub
Back to skill
v1.0.0

wechat-article-reader

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 7:23 AM.

Analysis

This skill appears to do what it says: fetch WeChat article links and summarize them, with only expected web access and dependency-install considerations.

GuidanceThis looks safe for its stated purpose. Before installing, make sure you trust the package source and are comfortable allowing it to fetch WeChat article pages over the network; for stricter environments, pin the Python dependencies.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
SeverityInfoConfidenceHighStatusNote
main.py
response = self.session.get(
                    url,
                    headers=headers,
                    timeout=self.timeout,
                    allow_redirects=True
                )

The skill performs an external HTTP request to the user-provided WeChat article URL. This is purpose-aligned and domain-scoped by the URL extraction logic, but it is still network activity users should understand.

User impactWhen used, the skill will fetch the WeChat article link from the network so it can parse and summarize the page.
RecommendationUse it only with article links you intend the agent to retrieve, and keep the domain restriction and timeout/retry limits in place.
Agentic Supply Chain Vulnerabilities
SeverityLowConfidenceHighStatusNote
requirements.txt
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
fake-useragent>=1.4.0

The skill depends on external Python packages using minimum-version ranges rather than pinned versions. These dependencies are expected for web fetching and HTML parsing, but future package updates could change behavior.

User impactInstalling the skill may install or update third-party Python packages from the package ecosystem.
RecommendationPrefer installing from a trusted registry/source and consider using a lockfile or pinned dependency versions for reproducible installs.