微信公众号合规检查

v1.0.0

扫描微信公众号文章中的违规敏感词并自动改写。覆盖翻墙工具、政治敏感、灰产、破解逆向、引流卖货等 8 大类 100+ 敏感词。输出违规报告和改写后的安全版本。 Use when publishing WeChat articles, checking "违规", "敏感词", "审核", "公众号合规", or...

⭐ 0· 94·0 current·0 all-time

by@clarezoe

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for clarezoe/wechat-compliance-check.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "微信公众号合规检查" (clarezoe/wechat-compliance-check) from ClawHub.
Skill page: https://clawhub.ai/clarezoe/wechat-compliance-check
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wechat-compliance-check

ClawHub CLI

Package manager switcher

npx clawhub@latest install wechat-compliance-check

Security Scan

VirusTotal

Pending

View report →

OpenClaw

Benign

high confidence

ℹ

Purpose & Capability

The skill claims to provide a CLI-style scanner (/wechat-compliance-check) but is instruction-only with no binaries or install spec; however the SKILL.md includes clear step-by-step behavior and a bundled sensitive-words.md so the capability is implementable by the agent. This mismatch (CLI examples without a provided binary) is a usability/integration note rather than a security incoherence.

✓

Instruction Scope

Runtime instructions are limited to reading the included references/sensitive-words.md, scanning and replacing terms in the provided article file, producing a backup and a report, and re-scanning. The instructions do not reference unrelated files, environment variables, network endpoints, or system-level configuration.

✓

Install Mechanism

No install spec and no code files are provided (instruction-only). This is the lowest-risk install model: nothing is downloaded or written outside the agent's normal operation except for the described backups created when running --fix.

✓

Credentials

The skill requires no environment variables, no credentials, and no config paths. That is proportionate to a local text-scanning/rewriting tool.

✓

Persistence & Privilege

always:false and no persistence or modification of other skills or system-wide settings. The skill writes backups of processed files (expected behavior) but does not request permanent agent presence or elevated privileges.

Assessment

This skill appears coherent for its stated purpose, but review these practical points before using it: - The SKILL.md shows CLI usage but no executable is included; confirm how your agent will perform the scanning/rewriting (the agent must implement the steps described or you must install a separate tool). - Backups: the --fix mode creates .bak files containing the original content — treat backups as sensitive data and store/delete them securely if the article contains private or regulated information. - False positives / meaning changes: automatic replacements can alter technical meaning (e.g., ‘注入’ in technical contexts). Pay attention to items marked [REVIEW] and validate rewritten output before publishing. - Wordlist review & updates: the sensitive-words.md contains regex and context flags; inspect and customize it to your needs and legal obligations (and to avoid overbroad censoring of legitimate technical terms). - No network/exfiltration is indicated in the skill, but if you integrate this into an automated pipeline, confirm that the agent or any added tooling will not transmit article contents to external services without consent. If these points are acceptable, the skill is consistent with its description and low-risk from a credential/exfiltration perspective.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

🛡️ Clawdis

chinesevk97bp2vv88h6jhfdzkhpytbh1x847wgxcompliancevk97bp2vv88h6jhfdzkhpytbh1x847wgxcontent-moderationvk97bp2vv88h6jhfdzkhpytbh1x847wgxlatestvk97bp2vv88h6jhfdzkhpytbh1x847wgxwechatvk97bp2vv88h6jhfdzkhpytbh1x847wgx

94downloads

0stars

1versions

Updated 3w ago

v1.0.0

MIT-0

微信公众号内容合规检查与改写

扫描文章中的微信平台违规敏感词，生成违规报告，并自动改写为安全表述。

适用场景

公众号文章发布前的合规自查
已被判定违规的文章修复
技术类文章中常见的敏感词替换（VPN、逆向、破解等）
涉及海外平台、地缘政治内容的脱敏处理

使用方式

# 扫描文章
/wechat-compliance-check path/to/article.md

# 扫描并自动改写
/wechat-compliance-check path/to/article.md --fix

# 只输出报告不修改
/wechat-compliance-check path/to/article.md --report-only

检查流程

Step 1: 加载敏感词库

读取 references/sensitive-words.md 中的完整敏感词库。

Step 2: 全文扫描

对输入文件逐行扫描，匹配 8 大类敏感词：

类别	风险等级	示例
翻墙/代理工具	🔴 极高	VPN、Clash、Shadowsocks、V2Ray、科学上网、梯子
政治/地缘敏感	🔴 极高	中国封禁、GFW、防火墙、审查制度
破解/逆向	🟡 高	逆向工程、破解、crack、hack、漏洞利用、注入
封号/灰产	🟡 高	封号、封禁、转售、账号共享、代刷、薅羊毛
引流/商业化	🟡 中	付费源码、购买、下单、加微信领取
暴力/色情	🔴 极高	（平台自动检测，本技能不覆盖）
赌博/诈骗	🔴 极高	（平台自动检测，本技能不覆盖）
竞品/敏感品牌	🟡 中	视具体语境判断

Step 3: 生成违规报告

输出格式：

## 违规扫描报告

文件：article.md
扫描时间：2026-04-04 06:30
总命中：12 处

### 🔴 极高风险（3 处）
- 第 903 行：`VPN` → 建议改为「虚拟专用网络」
- 第 1098 行：`Clash` → 建议改为「网络规则工具」
- 第 1017 行：`中国开发者封号潮` → 建议改为「部分地区开发者受限」

### 🟡 高风险（6 处）
- 第 871 行：`封号` → 建议改为「账号限制」
- ...

### ⚠️ 中风险（3 处）
- 第 1826 行：`付费源码` → 建议改为「源码」
- ...

Step 4: 自动改写（--fix 模式）

当使用 --fix 参数时，自动执行改写：

备份原文件为 {filename}.bak-{timestamp}
按敏感词库中的替换规则逐一替换
对于需要上下文判断的词（如「注入」在技术语境中可能合法），标记为 [REVIEW] 供人工确认
输出改写摘要

Step 5: 二次验证

改写完成后，重新扫描一次确认无残留敏感词。如有残留，报告并提示手动处理。

改写原则

保留原意：改写后的表述必须传达相同的信息
自然流畅：替换词要在上下文中读起来自然，避免生硬
上下文感知：同一个词在不同语境下可能需要不同的替换
- 「注入」在 SQL 注入语境 → 保留（技术术语）
- 「注入」在「注入虚假工具」语境 → 改为「插入」
宁严勿松：不确定时优先替换，宁可过度谨慎

已知局限

本技能覆盖文本层面的敏感词，不覆盖图片中的文字
微信的审核规则会动态变化，敏感词库需要定期更新
部分违规判定依赖上下文（如「代理」在技术文章中通常安全，但在翻墙语境中违规）
不覆盖暴力、色情、赌博等微信平台自动检测的类别

Comments

Loading comments...