WeChat Article Extractor

v1.0.0

Extract metadata and content from WeChat Official Account articles. Use when user needs to parse WeChat article URLs (mp.weixin.qq.com), extract article info...

⭐ 0· 95·0 current·0 all-time

by@abigale-cyber

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for abigale-cyber/content-system-wechat-article-extractor-skill.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "WeChat Article Extractor" (abigale-cyber/content-system-wechat-article-extractor-skill) from ClawHub.
Skill page: https://clawhub.ai/abigale-cyber/content-system-wechat-article-extractor-skill
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install content-system-wechat-article-extractor-skill

ClawHub CLI

Package manager switcher

npx clawhub@latest install content-system-wechat-article-extractor-skill

Security Scan

Capability signals

Requires OAuth token

These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.

VirusTotal

Suspicious

View report →

OpenClaw

Suspicious

medium confidence

ℹ

Purpose & Capability

The skill's name/description align with the code in scripts/extract.js: it fetches mp.weixin.qq.com / sogou pages, parses HTML, and returns structured metadata. However, convert.js (included in the bundle) performs unrelated local filesystem reads and writes to absolute paths in /Users/canghe/..., which is not required for the extractor's described runtime behavior and looks like a leftover developer utility.

Instruction Scope

SKILL.md and the primary extract.js only describe fetching remote pages and parsing HTML. They do not instruct reading arbitrary local files. Despite that, convert.js will read a specific file (/Users/canghe/.claude/.../tool-results/b97eb13.txt) and write to /Users/canghe/Downloads/..., which is outside the stated scope and could expose local data if executed. The presence of this script expands the actionable surface beyond what the SKILL.md describes.

✓

Install Mechanism

There is no install spec (instruction-only skill). All dependencies are standard npm packages listed in package.json/package-lock.json; nothing is downloaded from unusual URLs in the manifest. No archive downloads or remote installers are declared.

✓

Credentials

The skill declares no required environment variables or credentials. extract.js performs HTTP requests to target pages and parses content; no secrets or cloud credentials are requested. (Note: transitive packages in package-lock include many common dependencies — not evidence of credential needs.)

✓

Persistence & Privilege

Flags are default (always:false, user-invocable:true). The skill does not request persistent presence or modify other skills or system-wide settings in the manifest. The main concern is the included convert.js file, not persistent privileges.

What to consider before installing

This skill's extractor script (scripts/extract.js) appears coherent with the stated purpose and is likely safe to review; however, do NOT run convert.js without inspecting it first. convert.js contains hard-coded absolute paths that read from /Users/canghe/... and write to /Users/canghe/Downloads/..., which is unrelated to normal extraction and could read sensitive local files on your machine. Before installing or running the skill: 1) Inspect or remove convert.js (it's a developer utility, not required for extraction). 2) Run the skill in a sandboxed/isolated environment (container or VM) if you intend to execute the included scripts. 3) If you only need extraction, run scripts/extract.js and review network behavior (it issues HTTP GETs to target sites). 4) Consider locking down network access or rate-limiting to avoid scraping-related blocks. If you want higher assurance, ask the author to explain/clean up convert.js or supply a version of the package without files that access absolute local paths.

✗

scripts/extract.js:326

Dynamic code execution detected.

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97b4ce46c6dp4bdet98phmtw184e485

95downloads

0stars

1versions

Updated 2w ago

v1.0.0

MIT-0

WeChat Article Extractor

Extract metadata and content from WeChat Official Account (微信公众号) articles.

Capabilities

Parse WeChat article URLs (mp.weixin.qq.com)
Extract article metadata: title, author, description, publish time
Extract account info: name, avatar, alias, description
Get article content (HTML)
Get cover image URL
Support multiple article types: post, video, image, voice, text, repost
Handle various error cases: deleted content, expired links, access limits

Usage

Basic Extraction from URL

const { extract } = require('./scripts/extract.js');

const result = await extract('https://mp.weixin.qq.com/s?__biz=...');
// Returns: { done: true, code: 0, data: {...} }

Extraction from HTML

const html = await fetch(url).then(r => r.text());
const result = await extract(html, { url: sourceUrl });

Options

const result = await extract(url, {
  shouldReturnContent: true,      // Return HTML content (default: true)
  shouldReturnRawMeta: false,     // Return raw metadata (default: false)
  shouldFollowTransferLink: true, // Follow migrated account links (default: true)
  shouldExtractMpLinks: false,    // Extract embedded mp.weixin links (default: false)
  shouldExtractTags: false,       // Extract article tags (default: false)
  shouldExtractRepostMeta: false  // Extract repost source info (default: false)
});

Response Format

Success Response

{
  done: true,
  code: 0,
  data: {
    // Account info
    account_name: "公众号名称",
    account_alias: "微信号",
    account_avatar: "头像URL",
    account_description: "功能介绍",
    account_id: "原始ID",
    account_biz: "biz参数",
    account_biz_number: 1234567890,
    account_qr_code: "二维码URL",

    // Article info
    msg_title: "文章标题",
    msg_desc: "文章摘要",
    msg_content: "HTML内容",
    msg_cover: "封面图URL",
    msg_author: "作者",
    msg_type: "post", // post|video|image|voice|text|repost
    msg_has_copyright: true,
    msg_publish_time: Date,
    msg_publish_time_str: "2024/01/15 10:30:00",

    // Link params
    msg_link: "文章链接",
    msg_source_url: "阅读原文链接",
    msg_sn: "sn参数",
    msg_mid: 1234567890,
    msg_idx: 1
  }
}

Error Response

{
  done: false,
  code: 1001,
  msg: "无法获取文章信息"
}

Error Codes

Code	Message	Description
1000	文章获取失败	General failure
1001	无法获取文章信息	Missing title or publish time
1002	请求失败	HTTP request failed
1003	响应为空	Empty response
1004	访问过于频繁	Rate limited
1005	脚本解析失败	Script parsing error
1006	公众号已迁移	Account migrated
2001	请提供文章内容或链接	Missing input
2002	链接已过期	Link expired
2003	内容涉嫌侵权	Content removed (copyright)
2004	无法获取迁移后的链接	Migration link failed
2005	内容已被发布者删除	Content deleted by author
2006	内容因违规无法查看	Content blocked
2007	内容发送失败	Failed to send
2008	系统出错	System error
2009	不支持的链接	Unsupported URL
2010	内容获取失败	Content fetch failed
2011	涉嫌过度营销	Marketing/spam content
2012	账号已被屏蔽	Account blocked
2013	账号已自主注销	Account deleted
2014	内容被投诉	Content reported
2015	账号处于迁移流程中	Account migrating
2016	冒名侵权	Impersonation

Dependencies

Required npm packages:

cheerio - HTML parsing
dayjs - Date formatting
request-promise - HTTP requests
qs - Query string parsing
lodash.unescape - HTML entities

Notes

Handles various WeChat page structures and anti-scraping measures
Automatically detects article type from page content
Supports extracting from Sogou WeChat search results (weixin.sogou.com)
Some fields may be null depending on article type and page structure

Comments

Loading comments...