Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
热点追踪,写作画像自定义,创作发布一体化自媒体内容创作助手
v1.0.1集热点追踪、写作画像定制、质量审查与多平台同步发布于一体的自媒体内容创作助手。
⭐ 0· 522·1 current·1 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name and description (热点追踪、写作画像与发布) align with the SKILL.md workflow (tracking, style library, writing, quality checks, publish). However the skill assumes a local '写作画像库' and specific local paths (/Volumes/小v工作空间, /Users/sue/...) and references an IP (180.165.18.247) that are environment-specific and not justified in the registry metadata. The functional needs (WeChat publishing, Tencent Docs MCP) explain some extra requirements, but those credentials are not declared in the skill metadata — this mismatch is noteworthy.
Instruction Scope
SKILL.md tells the agent to read and write specific local file paths, inspect a local '写作画像库', call a 'tools/call' MCP method, and interact with external endpoints (api.weixin.qq.com, docs.qq.com). It also instructs cloning and running a third-party 'wexin-read-mcp' service. Instructions reference local config files (mcporter.json) and outputs directory. These actions are within the skill's stated purpose but broaden the agent's access to user filesystem and to installing/running external code — this is scope expansion that the registry metadata did not declare.
Install Mechanism
The package is instruction-only (no install spec), but SKILL.md includes explicit install steps: `git clone https://github.com/Bwkyd/wexin-read-mcp.git` and `pip install -r requirements.txt`. That means following the instructions will fetch and execute arbitrary third-party code from GitHub. While the URL is a normal GitHub repo (not an obfuscated host), the registry did not surface this install requirement. Treat running those install steps as a moderate risk until the repo is audited.
Credentials
Registry lists no required env vars, yet SKILL.md expects and references several credentials/configs: WeChat AppID/AppSecret for publishing, MCP token/headers for Tencent Docs, and an IP whitelist entry. Those credentials are proportionate to the publishing capability, but the skill failing to declare them is an incoherence. Requiring user secrets is expected for this functionality, but they should be declared and the skill should document how they are used and stored.
Persistence & Privilege
always is false and there is no claim to modify other skills or system-wide settings. The skill writes to its own workspace output/config paths per the instructions; that is normal for a content-authoring skill. No elevated persistence privileges are requested in the metadata.
What to consider before installing
Before installing or running this skill: 1) Understand it expects you to provide WeChat AppID/AppSecret and a Tencent Docs (MCP) token — only provide those to trusted code and prefer least-privilege test accounts. 2) The SKILL.md instructs cloning and pip-installing a GitHub repo (wexin-read-mcp); inspect that repository's code before running it. 3) Be aware the skill reads/writes local paths (it uses hard-coded example paths and a specific username 'sue'); adapt paths to a sandboxed workspace so it cannot access unrelated files. 4) Verify why IP 180.165.18.247 is listed in the doc and whether any external services require whitelisting. 5) If you plan to let the agent publish automatically, test with a non-production account and avoid giving high-privilege tokens until you confirm behavior. 6) If you want lower risk, ask the skill author to: declare required env vars in metadata, remove hard-coded local paths, and supply an audited install package or a vetted release URL instead of an ad-hoc git clone.Like a lobster shell, security has layers — review code before you run it.
latestvk97a9d4e92z7qy0w083rcp39n982qp51
License
MIT-0
Free to use, modify, and redistribute. No attribution required.