Skill v1.0.0

ClawScan security

Weixin Reader · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 8, 2026, 1:42 PM
Verdict: benign
Confidence: high
Model: gpt-5-mini
Summary
The skill's instructions and requirements are internally consistent with its stated purpose of extracting WeChat (mp.weixin.qq.com) article text; there are no hidden installs, credentials, or suspicious actions, but it depends on an external extractor tool that the skill does not declare explicitly.
Guidance
This skill appears to do what it says: extract WeChat article text. Before installing, verify the runtime environment provides the extract_content_from_websites tool (the SKILL.md requires it but the skill metadata does not declare it). Confirm that extractor tool is trusted and does not require undeclared credentials. Be aware that extracting full article text may have copyright or privacy implications, and that fetching arbitrary user-supplied URLs will cause the agent (or the extractor) to retrieve remote content — ensure you trust that behavior. If you need a skill that uses a different fetch method, ask the author to declare that dependency in the metadata or provide an alternative. If anything about the extractor or data handling is unclear, treat the skill as untrusted until clarified.

Review Dimensions

Purpose & Capability
note: The skill's name/description match the runtime instructions: it only describes extracting full text (title, author, date, body) from mp.weixin.qq.com links. However, the SKILL.md mandates using an external tool named extract_content_from_websites (and forbids web_fetch) while the skill metadata does not declare this tool or any dependency — a minor mismatch the integrator should verify (i.e., ensure the platform provides that extractor).
Instruction Scope
ok: Instructions are narrowly scoped to fetching and cleaning article content (strip HTML, navigation, ads) and returning title/author/date/content. They do not instruct reading unrelated files, environment variables, or sending data to unexpected endpoints. The only external action is use of the named extractor tool on a user-provided URL, which is appropriate for the purpose.
Install Mechanism
ok: No install spec and no code files — instruction-only skill — so nothing will be written to disk or downloaded by the skill itself. This is low-risk and coherent with the described behavior.
Credentials
ok: The skill requests no environment variables, credentials, or config paths, which is proportionate for a read-only web extraction task. Note: if the referenced extractor requires credentials or special capabilities, that should be declared before installation.
Persistence & Privilege
ok: always is false and autonomous invocation is not disabled (platform default). The skill does not request permanent presence or modify system/other-skill settings; privileges requested are minimal.