Wechat Article Analyzer
v1.0.1微信公众号文章深度分析工具。 当用户发送微信公众号文章链接时,可以读取文章内容并进行深度分析。 功能:自动提取文章标题和正文、提取时间线、识别关键人物/公司、提取核心事实、进行主题分析、生成报告。 支持输出格式:Markdown 报告、OpenCLI 适配器、JSON 数据。
⭐ 0· 35·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (WeChat article analyzer) aligns with the included code: the script fetches an article URL, extracts title/content, and runs NLP heuristics to produce timeline/stakeholders/facts/themes/quotes and outputs Markdown/YAML/JSON. Minor inconsistency: SKILL.md shows usage via from skills.wechat_article_analyzer import analyze_wechat, but the repo provides scripts/analyze_wechat.py (no packaged skills/ module path). No declared homepage/author identity, which reduces traceability but doesn't contradict functionality.
Instruction Scope
SKILL.md instructs the agent to fetch mp.weixin.qq.com links and run local analysis; the script performs only requests.get on the provided URL and local text processing. It does not read other files or environment variables. The skill will fetch arbitrary URLs provided by users; that is expected for a fetcher but introduces the usual risk that a maliciously crafted/ internal URL could be accessed (SSRF/information-leak) — the instructions do not show domain validation or sandboxing.
Install Mechanism
There is no install spec (instruction-only skill + included script). Dependencies are minimal and declared in requirements.txt (requests, pyyaml). No external archive downloads or obscure registries; nothing is written to disk by an installer step beyond normal Python package usage if user runs pip install.
Credentials
The skill declares no required environment variables, no credentials, and no config paths. The runtime code does not attempt to read secrets or other env vars. This is proportionate to the stated purpose.
Persistence & Privilege
always is false and the skill does not request persistent system privileges or modify other skills. Autonomous invocation is allowed by default (normal) and not combined with broad credential access.
Assessment
This skill appears to do what it says: fetch a WeChat article URL and extract structured information using regex-based heuristics. Before installing or enabling: 1) Review and if needed run the script in a sandboxed environment because it will perform an HTTP GET on any URL you (or users) provide — avoid letting it fetch internal-only hosts to reduce SSRF/information-leak risk. 2) Note the minor packaging mismatch: SKILL.md shows an import path that doesn't match the provided scripts/ layout; confirm how it will be invoked in your agent runtime. 3) The parsing uses regex and simple heuristics (may produce false positives); test on sample articles. 4) There are no requested credentials or remote installers, but you should still review the code if you require higher assurance. If you want stronger protections, restrict automatic invocation to trusted users or add domain whitelisting/sanitization before the fetch.Like a lobster shell, security has layers — review code before you run it.
latestvk9786ka2e60pb7kt14npddf6rx847y0s
License
MIT-0
Free to use, modify, and redistribute. No attribution required.