ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat Md Publisher Skill

v0.8.33

发布 Markdown 文章到微信公众号,支持草稿管理、多主题、智能图片处理、自动封面图。推荐与 news-to-markdown-skill 配合使用实现一键转载(支持本地图片)。

0· 543·2 current·2 all-time
byPING SI@sipingme
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The SKILL.md, _meta.json, config.json and other files clearly declare that the skill requires WECHAT_APP_ID and WECHAT_APP_SECRET, a global npm package (wechat-md-publisher / wechat-pub), and a local config path (~/.config/wechat-md-publisher-nodejs/). However the initial registry summary at the top of this submission (the 'Requirements' block) claimed no required env vars, no primary credential, and 'No install spec'. That mismatch between what the skill claims at registry-level and what the included files require is an inconsistency worth investigating before trusting the skill.
Instruction Scope
The runtime instructions stay within the stated purpose: they instruct installing/using the wechat-md-publisher CLI to read Markdown and referenced local images, upload images and content to WeChat APIs, manage drafts, and store account config locally. The SKILL.md warns about optional remote-theme endpoints and explicitly notes the need for IP whitelist. There are no instructions to read unrelated system files or exfiltrate data beyond the declared domains, but the agent will be asked to handle local files and credentials needed for publishing.
!
Install Mechanism
Installation relies on a third-party npm package installed globally (npm install -g wechat-md-publisher), which is moderate risk because global npm packages execute arbitrary code on the host. The included install script does not auto-download arbitrary archives (it requires the user to run npm manually), which reduces automation risk, but registry metadata inconsistently reported no install spec while _meta.json/config.json declare an npm install flow. You should audit the upstream package source (repo: https://github.com/sipingme/wechat-md-publisher) before running a global install.
Credentials
Requested environment/credentials (WECHAT_APP_ID and WECHAT_APP_SECRET) are proportional to the described functionality (calling WeChat APIs). The skill stores encrypted credentials under ~/.config/wechat-md-publisher-nodejs/ and delegates encryption/handling to the wechat-md-publisher npm package; the SKILL.md itself notes this and recommends auditing src/services/account.ts. That delegation is acceptable but increases trust surface: the encryption/storage implementation lives in the third-party package you must audit.
Persistence & Privilege
always:false (not force-included). The skill writes only to its own config directory (~/.config/wechat-md-publisher-nodejs/), and does not request elevated system-wide privileges or modify other skills' configs. Storing credentials locally is expected for a CLI publisher; the skill warns the encryption handler is provided by the npm package.
What to consider before installing
This skill appears to do what it says (publish Markdown to WeChat), but there are two red flags to act on before installing or providing credentials: 1) Inconsistency in metadata: the top-level submission summary claimed no required env vars and no install spec, yet SKILL.md, _meta.json and config.json require WECHAT_APP_ID and WECHAT_APP_SECRET and an npm install. Treat the files as authoritative and verify with the publisher. 2) Third‑party npm package handles credentials and encryption: the skill delegates credential storage and AES‑256 encryption to the wechat-md-publisher npm package. Inspect the package source (especially src/services/account.ts in the repo) to confirm it does not exfiltrate secrets and that its encryption is implemented correctly before providing your AppSecret. Other practical advice: - Prefer manual installation after review (the skill's install scripts do not auto-install, which is good). Do not run npm install -g unless you trust and have audited the package repo. - Use a dedicated environment or throwaway cloud VM with a fixed IP for initial testing (the tool requires adding your IP to WeChat's whitelist). - Do not paste AppSecret into public places; consider using least-privileged or test WeChat account for trials. - Avoid enabling remote theme endpoints unless you trust the third-party service; SKILL.md warns that remote themes can contact external servers. If you want, I can: (a) point to the exact lines/files to review in the upstream repo (e.g., src/services/account.ts), (b) summarize any suspicious code if you paste it, or (c) produce a short checklist to audit the npm package before installation.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cwb9dkph62r2yg5bcfwd9cn8477hw

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments