WeChat Article to Obsidian
v1.1.2Save WeChat public account articles (微信公众号文章) as clean Markdown notes in Obsidian. Use this skill whenever the user shares a mp.weixin.qq.com link and wants...
⭐ 0· 108·1 current·1 all-time
byAmo@amortalsodyssey
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the actual code and runtime instructions. The scripts implement fetching (curl + optional Playwright fallback), parsing to Markdown, and safe direct-write saving to an Obsidian vault. No unrelated credentials, cloud APIs, or binaries are required.
Instruction Scope
SKILL.md and the scripts only read the provided article URL(s), temporary files, and the skill's config.json, and then write Markdown into the user's configured vault root. The browser fallback uses Playwright to evaluate page DOM and embed the article content; no external tracking or remote exfil endpoints are present in the scripts. The skill does instruct the agent to write persistent config to <skill-path>/config.json and to write notes into vault_disk_root (user-supplied).
Install Mechanism
This is instruction-only (no packaged installer). Dependencies are Node >=18, curl, and optionally Playwright + a Chromium/Chrome runtime. Playwright itself typically downloads browser binaries at first-run; the scripts attempt to require-playwright from local or global installs but do not fetch arbitrary code from unknown URLs. The Python fallback script uses a hardcoded Homebrew Python shebang which is non-portable and may require adjustment on some systems.
Credentials
The skill requests no environment variables or secrets. The only persistent configuration is a user-supplied vault path and default save location (config.json). These are reasonable and proportional to the stated task of saving notes to an on-disk Obsidian vault.
Persistence & Privilege
always:false (normal). The skill writes a per-skill config.json in its own path and can perform direct writes into a user-specified vault_disk_root. This is expected behavior for a clipping/save-to-vault skill but means the agent—if allowed to run the skill autonomously—can create files in the configured vault without an additional prompt. There is no evidence the skill alters other skills or system-wide settings.
Assessment
This skill appears coherent and implements exactly what it promises. Before installing: 1) Ensure you only set vault_disk_root to a folder you explicitly want the skill to write into (it enforces staying inside the vault root, but the path is still user-provided). 2) Be aware Playwright (if used) will require additional packages and may download Chromium binaries on first run; adjust the Python shebang (scripts/fetch-browser.py) or run it with your system python if the bundled path doesn't exist. 3) Review and confirm the skill's config.json once it writes it, and test with a non-sensitive vault/folder first. 4) If you want extra protection, run the scripts in a sandbox or restrict the agent's ability to invoke the skill autonomously; otherwise the agent could save files to the configured vault when triggered by matching inputs.Like a lobster shell, security has layers — review code before you run it.
latestvk97adyzd586w0fk0p874y0ejy984ryxj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.