ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat To Ima

v0.1.1

Save WeChat Official Account articles into IMA notes with preserved article structure. Use when the user sends an mp.weixin.qq.com link and wants to save, ar...

0· 60·0 current·0 all-time
by@harven-droid

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for harven-droid/wechat-to-ima.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Wechat To Ima" (harven-droid/wechat-to-ima) from ClawHub.
Skill page: https://clawhub.ai/harven-droid/wechat-to-ima
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wechat-to-ima

ClawHub CLI

Package manager switcher

npx clawhub@latest install wechat-to-ima
Security Scan
Capability signals
Requires OAuth tokenRequires sensitive credentials
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (fetch WeChat article → import into IMA) matches the code: the Python script runs an extractor and posts to IMA. However the registry metadata claims no required environment variables while SKILL.md and the code require IMA_OPENAPI_CLIENTID and IMA_OPENAPI_APIKEY — this mismatch is an incoherence that should be fixed/clarified.
!
Instruction Scope
Runtime instructions and code fetch remote WeChat pages and parse them (expected). The Node extractor dynamically evaluates JavaScript found in page <script> blocks via new Function to recover embedded variables — this is risky because it effectively executes code derived from untrusted web pages. The Python wrapper also loads a local .env file (SKILL_DIR/.env) into process environment if present, which can pull secrets from disk into the run context. The skill writes a markdown file to the system temp dir and makes HTTP requests only to WeChat (via extractor) and IMA endpoints (ima.qq.com), which matches the purpose.
Install Mechanism
No formal install spec; SKILL.md instructs running npm install in the skill directory. package.json/package-lock are bundled and dependencies (cheerio, request-promise, etc.) are typical for HTML extraction. This is moderate-risk (you must npm install third-party packages locally) but not unusual for an extractor. Note: cheerio in the lockfile specifies a high minimum Node version.
!
Credentials
The only external credentials used are IMA_OPENAPI_CLIENTID and IMA_OPENAPI_APIKEY, which are proportional to importing into IMA. The concern is that the registry metadata did not declare these required env vars while SKILL.md and the script do; additionally the script will read a .env file from the skill directory and inject any keys there into the environment if present — that behavior should be documented and considered before use.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and its runtime footprint is limited to creating a temporary markdown file and making outbound HTTP requests to IMA and the article host. Autonomous invocation is allowed but is the platform default.
What to consider before installing
This skill appears to implement its stated purpose, but exercise caution before installing/running it. Things to consider: 1) The registry metadata omitted required environment variables — you must provide IMA_OPENAPI_CLIENTID and IMA_OPENAPI_APIKEY; verify you trust the destination (ima.qq.com). 2) The Node extractor executes JavaScript snippets from fetched pages using new Function; this can execute code derived from untrusted web content — run the skill in a sandbox or isolated container and avoid feeding it untrusted or arbitrary URLs. 3) The Python script will load a local .env file from the skill directory and inject any keys it contains into the environment — ensure that .env does not contain unrelated or highly privileged secrets. 4) npm install will pull third-party packages — review package-lock or run in an environment where installing packages is safe. If you need higher assurance, ask the maintainer to (a) declare required env vars in registry metadata, (b) avoid executing page JS (or strongly sandbox it), and (c) document .env behavior; or run the tool manually in an isolated environment and review network traffic during an initial test.
scripts/extract.js:173
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk973capj38bq1r18n0e96m0kx585m45s
60downloads
0stars
2versions
Updated 21h ago
v0.1.1
MIT-0
@harven-droid
latest
Download

WeChat to IMA

Save a WeChat article into IMA as a readable Markdown note.

Workflow

  1. Run scripts/save_wechat_to_ima.py <url>.
  2. If the body contains inline images, keep them in original order.
  3. If the body contains no inline images, insert the cover image near the top.
  4. Import the generated Markdown into IMA.
  5. Read the saved note back once to verify the note is not empty.

Requirements

  • IMA_OPENAPI_CLIENTID and IMA_OPENAPI_APIKEY must be available in the environment.
  • Run npm install once inside this skill directory so the bundled extractor dependencies are available.

Output

The script prints JSON with:

  • title
  • account
  • author
  • publish_time
  • body_img_count
  • cover_used
  • markdown_path
  • note_id
  • readback_ok

Notes

  • Prefer this skill over ad-hoc manual parsing when the user wants the article stored in IMA.
  • This skill is self-contained for article parsing and does not depend on a separate wechat-article-extractor installation.
  • The IMA readback check uses plain text, so it confirms content landed successfully but does not visually render images in the terminal output.
  • If parsing succeeds but the article body has no inline images, that is expected for some articles; use the cover-image fallback instead of treating it as a failure.
  • If the original article contains code or code-block-style content, preserve it as fenced Markdown code blocks when importing into IMA; do not flatten code into ordinary prose.

Comments

Loading comments...