wacai-zhishudashi-baidu-ranking

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: wacai-zhishudashi-baidu-ranking
Version: 1.0.0

The skill bundle is a legitimate automation tool designed to scrape Baidu search results for the keyword '指数大师' and send the findings to a WeChat Work (WeCom) webhook. The Python script (scripts/push_wecom.py) and the agent instructions (SKILL.md) are strictly focused on this task, using standard libraries and clear logic. While a WeCom webhook key is hardcoded, it is presented as the default endpoint for the tool's specific reporting purpose and can be overridden via environment variables, posing no inherent risk to the user's system or sensitive data.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Running the skill may post the generated report into a WeCom chat controlled by the embedded webhook owner, not necessarily the installing user.

Why it was flagged

The script embeds a live Enterprise WeChat robot webhook key and uses it as the default posting destination unless overridden.

Skill content

DEFAULT_WEBHOOK_URL = "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=0e41994e-9e62-4713-ad69-fddeaaba8e9a"

Recommendation

Use your own WeCom webhook URL via the override option or environment variable, and avoid publishing live webhook keys in shared skills.

What this means

The agent will browse Baidu and send a message as part of the normal workflow.

Why it was flagged

The skill directs the agent to use browser automation and then run a local script to send the extracted titles. This is purpose-aligned, but users should notice the automated browsing and posting behavior.

Skill content

1. Use `browser` to open `https://www.baidu.com/`. ... 4. Use `scripts/push_wecom.py` to send the push notification.

Recommendation

Run it only when you intend to publish the report, and verify the extracted titles before sending if accuracy matters.

What this means

The search-title report is transmitted to Enterprise WeChat over the network.

Why it was flagged

The script sends the report payload to an external webhook endpoint. The data appears limited to search result titles, but it still leaves the local agent environment.

Skill content

with urllib.request.urlopen(req, timeout=20) as resp:

Recommendation

Confirm the webhook recipient is appropriate, especially if you adapt the skill to send private or business-sensitive keywords.