Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat Article Search

v0.1.0

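WeChat Official Account article search skill. Retrieves article lists through WeChat search, covering Chinese-language news and information across tech/AI, trending social topics, finance, education, careers, and more; searches by keyword and returns the title, summary, publication time, source Official Account, and link. Use this skill when the user needs to find WeChat Official Account articles, gather reference material, or quickly obtain article information.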

by 无处不在 @wuchubuzai2018
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Benign
medium confidence
Purpose & Capability
Name/description claim a WeChat article search via web search; the included script and SKILL.md implement HTTP scraping of sogou/weixin pages and HTML parsing with cheerio, which is proportional to the stated purpose.
Instruction Scope
SKILL.md instructs running the included Node script and installing cheerio. The runtime instructions only describe making HTTP requests to search pages, optionally resolving redirect links and writing JSON output — they don't instruct reading arbitrary local files or accessing unrelated environment variables.
Install Mechanism
No formal install spec (instruction-only), which minimizes install risk. SKILL.md suggests global npm install -g cheerio; this is unnecessary and a poor practice (local install preferred) but not malicious. No downloads from untrusted URLs or archive extraction are present.
Credentials
The skill requires no credentials or environment variables. The script uses only built-in Node modules and cheerio for HTML parsing; no secrets or unrelated service tokens are requested.
Persistence & Privilege
Skill does not request permanent presence or special agent privileges (always:false). It does not modify other skills or system-wide configs and contains no self-enabling behavior in the files provided.
Assessment
This skill appears to do exactly what it says: scrape Sogou/Weixin search pages and parse article metadata. Before installing or running: (1) review the included script yourself or run it in a sandbox, since the source has no homepage and origin is unknown; (2) be aware this is a web‑scraper — excessive or automated use can violate site terms of service and lead to IP blocking; (3) install cheerio locally (npm install cheerio) instead of using -g; (4) the tool makes direct HTTPS requests to sogou/weixin domains (and follows redirect logic) but does not exfiltrate data to other endpoints or read your machine's secrets; (5) if you need stronger assurance, ask the author for a homepage/repository or run dynamic monitoring (network logs) while executing.

Like a lobster shell, security has layers — review code before you run it.

latestvk976d35enebtys1qt2y1bwpwed814p4g

