ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat MP Assistant

v1.0.0

WeChat Official Account Manager - Automatically generate articles, images, SEO optimization, and data analysis. Supports end-to-end operations from topic sel...

0· 111·0 current·0 all-time
by@jason-aka-chen

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jason-aka-chen/wechat-mp-assistant-chen.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "WeChat MP Assistant" (jason-aka-chen/wechat-mp-assistant-chen) from ClawHub.
Skill page: https://clawhub.ai/jason-aka-chen/wechat-mp-assistant-chen
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wechat-mp-assistant-chen

ClawHub CLI

Package manager switcher

npx clawhub@latest install wechat-mp-assistant-chen
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The declared purpose (manage WeChat Official Accounts: generate/publish content, analyze data) is plausible, and the SKILL.md describes relevant features. However, the skill metadata declares no required credentials or config paths even though the instructions show an appid/secret JSON and describe publishing — a WeChat integration legitimately needs those credentials. Also the SKILL.md references a Python module 'mp_assistant' which is not included and not referenced in the registry metadata or a homepage, so it's unclear where runtime code comes from.
!
Instruction Scope
The SKILL.md tells the agent to install packages (pip install requests wechatpy), configure an appid/secret, and run code that imports 'mp_assistant' to generate and publish content. Because no code files are provided, the instructions implicitly require fetching or installing code from external sources (e.g., PyPI or the internet). The instructions do not limit what external endpoints or image-generation services to use for AI images or multi-platform sync, granting broad discretion to contact arbitrary services. The instructions also perform actions (publishing) that require secrets but do not declare or restrict how those secrets are handled.
Install Mechanism
There is no formal install spec in the registry (instruction-only), but SKILL.md recommends pip installing requests and wechatpy. Suggesting pip installs is common, but installing packages at runtime pulls remote code (PyPI) that will execute locally; because the skill provides no fixed source for the 'mp_assistant' module, the agent might attempt to pip-install unknown packages or fetch code from untrusted locations. This raises moderate risk but is expected for a Python-based integration unless a pinned/verified package or source is provided.
!
Credentials
The instructions explicitly require an Official Account AppID and Secret (sensitive credentials), but the skill metadata lists no required env vars or primary credential. That's a mismatch: a WeChat publish workflow needs those secrets, and the registry should declare them and justify their scope. Additionally, other capabilities mentioned (image generation, multi-platform sync) likely need additional credentials or third-party API keys that are not declared.
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide privileges in the metadata. There is no install spec that writes files or modifies other skills' configurations. This dimension shows no elevated privilege by itself.
Scan Findings in Context
[no-findings] expected: The static scanner found no code to analyze (this is an instruction-only skill). Absence of findings is expected for SKILL.md-only packages but does not imply safety.
What to consider before installing
This skill claims to manage and publish to WeChat Official Accounts but does not declare the AppID/Secret or provide the runtime code it references. Before installing or running this skill: (1) ask the publisher for a homepage or source repository and a clear list of required credentials (e.g., WECHAT_APPID, WECHAT_SECRET) and how they are stored/used; (2) do not enter long-lived account secrets until you verify the code; prefer short-lived tokens or a least-privilege account for publishing; (3) be cautious about allowing the agent to pip-install packages — inspect the exact packages and versions (and ideally pin them) and review their source; (4) clarify which image-generation or multi-platform services are used and what additional credentials they require; (5) if you cannot verify the source, run the skill in a sandboxed environment or decline installation. These gaps make the package suspicious rather than clearly benign.

Like a lobster shell, security has layers — review code before you run it.

latestvk97det61m0veaqkz3e3e0y5xzx83dewv
111downloads
0stars
1versions
Updated 1mo ago
v1.0.0
MIT-0
@jason-aka-chen
latest
Download

wechat-mp-assistant

WeChat Official Account assistant for automated account management.

Features

1. Content Generation

  • Article outline generation
  • SEO optimization suggestions
  • Title recommendations
  • Hot topic analysis

2. Image Generation

  • Cover design prompts
  • Article image suggestions
  • AI image generation prompts

3. Data Analysis

  • Read count analysis
  • Follower growth tracking
  • Competitor analysis
  • Optimization suggestions

4. Publishing Management

  • Scheduled posting
  • Multi-platform sync
  • Data statistics

Usage

Installation

pip install requests wechatpy

Configuration

{
  "appid": "Your Official Account AppID",
  "secret": "Your Official Account Secret"
}

Basic Usage

from mp_assistant import ContentGenerator, DataAnalyzer

# Generate article
generator = ContentGenerator(topic="Quantitative Trading")
outline = generator.generate_outline()

# Data analysis
analyzer = DataAnalyzer()
report = analyzer.weekly_report()

Automation Workflow

  1. Input topic → Generate outline
  2. Confirm outline → Generate full article
  3. Image suggestions → AI generate
  4. SEO optimize → Publish

Target Users

  • Self-media operators
  • Enterprise official accounts
  • Personal bloggers
  • Content creators

Comments

Loading comments...