微信公众号媒体下载器 WeChat Media Downloader
v1.0.0下载微信公众号文章(mp.weixin.qq.com)中的视频、音频和音乐卡片。适用于:用户想把公众号文章里的 1 个或多个视频、多个音频/音乐保存到本地;直接抓取被微信“环境异常/去验证”拦截;需要通过可见 Chrome + 人工验证 + 远程调试抓取真实媒体地址,再自动下载、提取标题、重命名并整理输出。优先用...
⭐ 0· 117·0 current·0 all-time
by@ewanwu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included scripts and runtime instructions: both capture_wechat_media.py and download_wechat_media.py implement the described CDP-based capture and HTTP download flow for WeChat article media (mpvideo.qpic.cn and res.wx.qq.com). Suggested tools (playwright, yt-dlp) are reasonable for this task.
Instruction Scope
SKILL.md stays within the stated purpose: it instructs trying headless fetch first, then using visible Chrome + manual verification + CDP to capture media URLs, saving page HTML and captured requests, then downloading and renaming. One operational/security note: it requires the user to start Chrome with --remote-debugging-port=9222 (local CDP access); this is necessary for the workflow but has an operational security implication if that port were exposed to untrusted networks. The instructions do not ask the agent to read unrelated files or exfiltrate data to third-party endpoints.
Install Mechanism
There is no automated install spec in the package (instruction-only install). The README recommends a user-level pip install of playwright and optionally yt-dlp — appropriate and proportional for the stated functionality. No downloads from untrusted URLs or archive extraction are present in the package.
Credentials
The skill requests no environment variables, no credentials, and no config paths. The scripts only connect to localhost CDP (127.0.0.1:9222) and fetch public media URLs; this matches the intended function. No unrelated secrets or tokens are requested or used.
Persistence & Privilege
Skill metadata does not force always:true and does not request persistent privileges. The scripts write only local artifacts (manual_page.html, JSON manifest, downloaded media) to user-specified directories; they do not modify other skills or system-wide settings.
Assessment
This skill appears internally consistent and implements the stated CDP+manual-verification approach. Before using it: 1) Only use it for media you have permission to save. 2) Start Chrome with the remote-debugging flag only on a trusted, firewalled machine (the script connects to localhost:9222); avoid exposing that port to networks. 3) Inspect the included scripts yourself (they are short, plain Python) and run them locally rather than as a privileged user. 4) The skill recommends installing Playwright and optionally yt-dlp via pip — review those packages if you have policy concerns. If you will run this on a shared or remote host, consider the risk of opening a CDP port and the presence of downloaded files on that host.Like a lobster shell, security has layers — review code before you run it.
chinesevk97d4kgex5h9qtp5a7wjj0eh0n841194downloadvk97d4kgex5h9qtp5a7wjj0eh0n841194latestvk97d4kgex5h9qtp5a7wjj0eh0n841194mediavk97d4kgex5h9qtp5a7wjj0eh0n841194wechatvk97d4kgex5h9qtp5a7wjj0eh0n841194weixinvk97d4kgex5h9qtp5a7wjj0eh0n841194
License
MIT-0
Free to use, modify, and redistribute. No attribution required.