Wechat Md Publisher Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a disclosed WeChat publishing skill, but it can use WeChat account credentials and publish public content, so users should use the draft-and-review flow.
Before installing, audit or trust the pinned npm package, configure only the intended WeChat account, keep the AppSecret out of command history and logs, use draft-first publishing with manual review, and avoid remote themes unless you trust the provider.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used incorrectly, the agent could publish content to a public WeChat account before the user reviews it.
The skill exposes a public publishing action, but the configuration explicitly says automated publishing without confirmation is disabled and recommends a draft-first workflow.
"publish": { "script": "./scripts/run.js", "args": ["publish"], "description": "发布文章到微信公众号" } ... "autoPublishWithoutConfirmation": false, "recommendedFlow": "draft-first"Use draft creation by default and only run final publish commands after the user has reviewed the rendered article and explicitly approved publication.
Anyone or any process with access to the configured secret could act through the connected WeChat public account within the API permissions.
The skill uses WeChat account credentials and stores them locally via the upstream npm package; this is expected for WeChat API publishing but gives the tool delegated account authority.
"optional": ["WECHAT_APP_ID", "WECHAT_APP_SECRET"], "storage": { "location": "~/.config/wechat-md-publisher-nodejs/", "encryption": "AES-256", "handler": "wechat-md-publisher npm 包" }Prefer environment variables, protect the local config directory, use a test or least-privileged account first, and rotate the AppSecret if it may have been exposed.
The actual WeChat API calls and credential handling depend on the installed npm package, so a compromised or unaudited package could affect account data.
The skill relies on an external npm package that is not included in the artifact set. The artifacts reduce risk with exact pinning and no auto-install, but users still need to trust or audit that dependency.
"install": { "type": "npm-global", "package": "wechat-md-publisher", "version": "1.0.7", "versionPinning": "exact", "execution": "npm install -g wechat-md-publisher@1.0.7", "autoInstall": false, "autoUpdate": false }Install only the pinned version from a trusted environment, review the upstream source before adding real credentials, and avoid unpinned upgrades.
Article drafts, titles, and image URLs could be shared with a third-party theme service if the user enables remote themes.
Optional remote theme rendering can send article content to a user-configured third-party service; the documentation discloses this and warns not to enable it automatically.
"theme add-remote" 会把文章正文 / 标题 / 图片 URL 等内容发送到第三方端点,构成一个新的数据边界
Use built-in or local themes unless you fully trust the remote theme provider and are comfortable sending article content to it.