ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信公众号文章发布工具

v1.0.1

AI-ready skill to format and publish Markdown articles to WeChat Official Accounts using Wenyan CLI.

0· 76·0 current·0 all-time
byLei@caol64

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for caol64/wenyan-publish.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "微信公众号文章发布工具" (caol64/wenyan-publish) from ClawHub.
Skill page: https://clawhub.ai/caol64/wenyan-publish
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wenyan-publish

ClawHub CLI

Package manager switcher

npx clawhub@latest install wenyan-publish
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill's stated purpose (publishing Markdown to WeChat via Wenyan CLI) is coherent, but the registry metadata does not declare the credentials (WECHAT_APP_ID / WECHAT_APP_SECRET) or the wenyan-cli dependency that the SKILL.md says are mandatory. Either the metadata is incomplete or the instructions are inconsistent with the declared requirements.
!
Instruction Scope
Runtime instructions tell the agent to read a Markdown file, parse and upload local or remote images to the WeChat material library, and use environment credentials to call WeChat APIs. These actions are appropriate for publishing, but the SKILL.md references environment variables and local file reads that are not reflected in the skill manifest — a scope/visibility gap that could hide unexpected behavior.
Install Mechanism
This is an instruction-only skill (no install spec), yet the document instructs installing wenyan-cli via pnpm (global install). That increases friction and risk because the skill assumes an external CLI will be installed at runtime; the skill should declare an install spec and pin a known package/version or document provenance for the CLI.
!
Credentials
WECHAT_APP_ID and WECHAT_APP_SECRET are sensible and required for using WeChat APIs, but they are sensitive credentials and the manifest does not declare them. The skill asks agents to upload images and post content to an external service — requesting these secrets without declaring them is disproportionate and should be fixed. Consider using test credentials and limiting scope/permissions.
Persistence & Privilege
The skill does not request always:true, does not declare persistent config paths, and does not claim to modify other skills or system-wide settings. Its runtime behavior appears limited to reading files and calling external APIs for publication.
What to consider before installing
Do not install or provide real WeChat credentials until the author clarifies the mismatch between the SKILL.md and the registry metadata. Ask the publisher to (1) update the manifest to list required env vars (WECHAT_APP_ID, WECHAT_APP_SECRET) and the wenyan-cli dependency with a pinned version and install spec, (2) provide a trustworthy homepage or source repo for wenyan-cli and the skill, and (3) document exactly what files/paths the skill will read or upload. If you must test, use a disposable/test WeChat account and rotate credentials afterwards, run the CLI installation in an isolated environment (container/VM), and inspect the wenyan-cli package source on npm/GitHub before granting access to production secrets.

Like a lobster shell, security has layers — review code before you run it.

latestvk977d28jkzer9gyxqb61wk4mbx84e4yb
76downloads
0stars
1versions
Updated 2w ago
v1.0.1
MIT-0
Lei@caol64
latest
Download

微信公众号文章发布工具 (WeChat Publisher)

这是一个专门为 AI Agent 设计的技能,用于将标准的 Markdown 文档转换为符合微信公众号排版要求的富文本并直接发布。它集成了自动化样式注入、代码高亮处理以及素材库图片自动上传功能。

前置要求

  • 环境配置:必须设置 WECHAT_APP_IDWECHAT_APP_SECRET 环境变量。
  • 依赖工具:已安装 wenyan-cli (pnpm add -g @wenyan-md/cli)。

核心能力

  • 自动化排版:支持多种内置主题(如 orangeheart)和代码高亮方案。
  • 智能素材处理:自动解析 Markdown 中的本地或网络图片,并同步上传至微信素材库。
  • 元数据驱动:通过 YAML Frontmatter 自动配置文章标题、封面、作者和原文链接。
  • 高度可定制:支持自定义 CSS 主题注入,满足个性化品牌视觉。

AI Agent 指令指南:发布流程规范

Frontmatter 约束 (必须包含)

文章开头 必须 包含以下 YAML 块,否则发布接口将返回错误:

---
title: 文章标题
cover: ./cover.jpg # 若缺省则自动取正文第一张图
author: 作者名称 # 可选
source_url: https://example.com/original-article # 可选,原文链接
---

核心参数说明

  • -f, --file(必填) Markdown 文件路径。
  • -t, --theme:排版主题(默认 default)。
  • -h, --highlight:代码高亮主题(默认 solarized-light)。
  • --no-mac-style:禁用代码块 Mac 风格。

常用操作示例

1. 标准发布 (使用默认配置)

wenyan publish -f my-article.md

2. 指定内置主题与高亮发布

wenyan publish -f article.md -t orangeheart -h solarized-light

3. 列出所有可用主题

wenyan theme -l

故障排除 (Agent 专用)

  • IP 限制错误 (invalid ip):提醒用户将当前环境的出口 IP 加入微信后台的“IP 白名单”。
  • AppID/Secret 错误:检查环境变量是否正确注入。
  • 图片上传失败:确认 Markdown 中的本地图片路径在当前目录中真实存在。
  • 发布排版不符预期:检查 YAML Frontmatter 是否符合规范。

Comments

Loading comments...