! Purpose & Capability
The skill's name/description match the included code: hotspot monitoring, AI-driven article generation, and draft management. However, the registry metadata declares no required environment variables or primary credential, while SKILL.md/README and the code clearly expect a DASHSCOPE_API_KEY (百炼/Bailian Dashscope LLM) and optional WECHAT_APP_ID/WECHAT_APP_SECRET for publishing. That mismatch (the manifest declares none; the code uses them) is inconsistent and unexplained.
ℹ Instruction Scope
The SKILL.md instructions are consistent with the code (monitor -> generate -> save drafts). The SKILL.md contains explicit LLM system prompts and generation prompts (which the code uses) — expected for an AI writing tool. A static scanner found a 'system-prompt-override' pattern in SKILL.md; in this context the presence of system-style prompts is expected, but it is also a class of content that could be used for prompt-injection, so the file should be reviewed manually.
! Install Mechanism
The registry shows 'No install spec — instruction-only', yet the package includes many JS files and a package.json listing dependencies (node-fetch, cheerio, dotenv, node-cron). There is no automated install instruction in the registry metadata; users will need to run npm install or otherwise provide those dependencies. This mismatch increases friction and risk (unattended npm installs, unclear runtime expectations).
! Credentials
The behavior justifies needing an LLM API key (DASHSCOPE_API_KEY) and optionally WeChat publishing credentials. Those are sensitive (API keys/credentials) and the code transmits the DASHSCOPE_API_KEY to dashscope.aliyuncs.com when calling the LLM — expected for function but sensitive. The manifest, however, did not declare these required env vars or a primary credential, so the skill's declared permissions under-report its actual credential requirements.
✓ Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills or system-wide agent settings. It writes local data (data/, drafts/, logs/), which is normal for this kind of application. Automatic agent invocation is allowed by default, which is not exceptional here.
Scan Findings in Context
[system-prompt-override] expected: SKILL.md and the JS code include explicit LLM 'systemPrompt' strings and full prompts used to generate titles and articles; this is expected for an AI writing/publishing skill. However this pattern can also be abused for prompt-injection or to try to override agent/system prompts, so manual review is advised.
What to consider before installing
- Metadata vs reality: The skill registry lists no required env vars, but the README/SKILL.md and code expect DASHSCOPE_API_KEY (百炼/Bailian Dashscope LLM) and optionally WECHAT_APP_ID/WECHAT_APP_SECRET for publishing. Treat that as a discrepancy: the skill will need secrets even though the registry doesn't declare them.
- Secrets: Only provide an LLM API key with least privilege and usage limits. Do not give production WeChat credentials until you've audited the publish code and tested in a safe account. Consider creating a disposable/test WeChat account and a restricted API key for evaluation.
- Install and dependencies: The bundle includes package.json but no installer metadata. You should run npm install in a controlled environment (e.g., disposable VM or container) and inspect installed packages before running. Avoid running npm install as root on critical hosts.
- Prompt content and injection: SKILL.md contains system-style prompts and the code sends system/user prompts to the LLM — expected, but also flagged by scanners. Review those prompt templates to ensure they don't attempt to override your agent's system instructions or leak sensitive context.
- Automatic publishing: autoPublish is off by default and the README notes '自动发布(待实现)' (automatic publishing: to be implemented). Do not enable automatic publishing to live accounts until you confirm the publish flow and its safety checks; manual review of drafts is recommended.
- Network & data: The skill fetches many public endpoints (Weibo, Zhihu, GitHub, Hacker News, 36Kr, Huxiu, Product Hunt, Reddit, TheVerge). That matches its purpose but means it will make outbound network requests. If you run this in a sensitive environment, sandbox it and monitor outbound traffic.
- Recommended steps to evaluate safely:
1) Inspect the code locally (especially any 'publish' implementation if later added).
2) Run npm install and execute in an isolated container/VM.
3) Provide a test/limited DASHSCOPE key and a test WeChat account only.
4) Keep autoPublish disabled; verify drafts are generated in drafts/ before any posting.
5) Consider running static analysis or dependency scanning on package.json dependencies.
If needed, I can point to the exact lines referencing DASHSCOPE_API_KEY and the WeChat config in the code, or help generate a minimal checklist/commands to safely run this in a sandbox.