ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wechat mp push 微信公众号图文生成与推送技能

v1.0.25

支持通过AI生成符合公众号规范的图文(文章和贴图),并推送到公众号草稿箱,兼容其它SKILL生成的图文、图片进行推送。通过配置向导扫码授权,支持多账号。无需泄露公众号Secret密钥,无需配置公众号IP白名单。

3· 300·1 current·1 all-time
by@lihengdao
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (WeChat MP push) align with the included script and docs: the skill generates HTML according to design.md and uses push-to-wechat-mp.js to POST content to a service (default https://api.pcloud.ac.cn/openClawService). There are no unrelated env vars or binaries requested. However the push flow depends on an external configuration wizard (https://app.pcloud.ac.cn/design/wechat-mp-push.html) and a third‑party relay rather than calling WeChat APIs directly — this is plausible but requires trusting that third party.
!
Instruction Scope
SKILL.md instructs the agent to ask the user to run a QR-code auth flow on a third‑party site, save the returned JSON as config.json in the skill directory, and then run the included Node script which will POST HTML or image URLs and the user's openId/appId to the apiBase URL. That means user content and identifiers are sent to an external service (pcloud.ac.cn) — expected for a push/relay service, but the docs instruct the agent to persist user-provided config locally and to transmit it externally. SKILL.md also includes a cleanupDrafts API call. The instructions do not request secrets like app secret keys, but they do give broad discretion to send arbitrary content to the relay (including user-supplied HTML/images).
Install Mechanism
No install spec and no external downloads; the skill is instruction + a bundled script. This minimizes install-time risks (nothing fetched/run during install).
!
Credentials
No declared environment variables, which is coherent. But the required config.json (provided via the external wizard) contains openId and accounts/appId entries that the script stores on disk and transmits to the relay. While not a secret key, openId/appId are account identifiers and authorization is handled by the third party. The skill effectively asks users to trust the remote service with account-level actions — appropriate for a relay but potentially disproportionate if users expect direct WeChat integration or if the relay is untrusted.
Persistence & Privilege
always:false and no special privileges. The skill writes/reads files in its own directory (config.json and HTML files) which is expected for its function. It does not modify other skills or system-wide settings.
Scan Findings in Context
[unicode-control-chars] unexpected: A prompt-injection detector found unicode control characters in SKILL.md. This is not expected for ordinary documentation and may indicate attempt to manipulate parsers/evaluators or obfuscate text; examine SKILL.md for invisible characters before trusting or auto-executing content.
What to consider before installing
This skill appears to do what it says (generate HTML and push to a WeChat draft), but it relies on a third‑party wizard and a relay API at pcloud.ac.cn. Before installing/using: - Verify and trust the external service (https://app.pcloud.ac.cn and https://api.pcloud.ac.cn). The service will receive the HTML/content, your openId, and possibly appId values; if you don't trust that host, do not use the wizard or paste its config. - Inspect the config.json you paste into the skill directory — do not paste private secrets or tokens unless you understand how they will be used. The skill claims you don't need the WeChat Secret, but the relay will act on your behalf. - Be aware that any content you send (HTML, images, titles) is transmitted to the relay endpoint; avoid sending confidential or sensitive data. - The SKILL.md contains hidden unicode control characters flagged by the scanner — open the file in a text editor that can reveal invisible characters and confirm there is no hidden instruction. - If you prefer not to trust a relay, seek a skill that integrates directly with official WeChat APIs (which will require different credentials) or run the provided push script in an isolated environment after auditing network flows. If you want, I can: (1) extract and display the raw config.example.json fields you will be asked to provide; (2) show the exact network request body the script sends given a sample config; or (3) scan the SKILL.md for the exact invisible characters and show them escaped.

Like a lobster shell, security has layers — review code before you run it.

latestvk977ggp4tmj2pbmd2sz51brqrs84tmhv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments