ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Article Fetcher

抓取微信公众号文章内容。当用户发送微信公众号文章链接(mp.weixin.qq.com)时自动触发,将文章内容提取为可读文本。无需API密钥。

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 309 · 4 current installs · 4 all-time installs
byChengWeiJiang@hlgate
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
The skill's stated purpose (fetch WeChat articles and convert to readable text) matches the SKILL.md instructions. However the instructions rely entirely on a third-party HTTP API (down.mptext.top) rather than fetching directly from the origin; that dependency is not declared in the metadata or description.
!
Instruction Scope
Runtime instructions tell the agent to URL-encode the user-provided mp.weixin.qq.com link and call https://down.mptext.top/api/public/v1/download?... . This directs entire user-supplied URLs (and therefore full article content or any URL-embedded tokens) to an external service, creating a clear data-exfiltration and privacy risk. The instructions also auto-trigger when a message contains an mp.weixin.qq.com link, so forwarding can happen without explicit user consent.
Install Mechanism
No install spec or code is present (instruction-only skill), so nothing is written to disk and there is no package-install risk.
Credentials
The skill requests no environment variables or credentials (proportionate). However, it implicitly requires network access to a third-party domain (down.mptext.top) which is not listed in metadata; that external dependency has privacy and trust implications even though no secrets are requested.
Persistence & Privilege
always is false, the skill is user-invocable and can be invoked autonomously (default). It does not request persistent privileges or modify system/agent configuration.
What to consider before installing
This skill will forward any WeChat article URL a user provides to a third-party scraper at down.mptext.top and return the scraped text. Before installing, consider: (1) Privacy: the external service will receive the full URL and the scraped content — this may expose private articles or URL tokens. (2) Trust: the service's ownership and data-handling practices are unknown (no homepage/source). (3) Availability and correctness: scraped content, images, and formatting may be unreliable. If you need this capability, prefer a transparent alternative: host your own scraper, require explicit user consent before sending links, or ask the skill author for source code and a privacy policy. Avoid using the skill for sensitive or private links until you can verify the third-party service's trustworthiness.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97cjmj7wjgf4jja8ecscnhs3s837xp4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

微信公众号文章抓取

触发条件

用户消息中包含 mp.weixin.qq.com 链接时,自动使用此技能抓取文章内容。

使用方法

curl -s "https://down.mptext.top/api/public/v1/download?url=<URL_ENCODED_LINK>&format=markdown"

参数

参数说明
url文章链接(需URL编码)
format输出格式:html / markdown / text / json(默认html)

步骤

  1. 从用户消息中提取微信文章链接
  2. 对链接进行 URL 编码
  3. 调用接口抓取内容(推荐 markdown 格式)
  4. 提取正文,去除 CSS、导航等噪音
  5. 为用户生成文章摘要或回答用户关于文章的问题

注意事项

  • 此接口无需 API 密钥
  • 部分文章可能有字数限制或反爬处理
  • 图片链接可能有时效性
  • 如抓取失败,可尝试换 format 为 text

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…