Skill v1.0.0
ClawScan security
wechat-claw-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 15, 2026, 3:02 PM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, scripts, and runtime instructions are coherent with its stated purpose (WeChat article authoring, image planning, render/validate/publish pipeline); it mainly delegates publishing and image generation to external scripts which the user must supply and trust.
- Guidance
- This skill is internally consistent, but it delegates sensitive actions to external scripts you must supply: the nanobanana image generator and the wechat_mp uploader/publisher. Before using, (1) inspect/review any external scripts (generate_image.py, wechat_mp.py) you pass to run_pipeline — they will be executed with subprocess and could run arbitrary commands or exfiltrate data; (2) verify how the WeChat script stores and uses credentials (prefer env vars or secure stores over plaintext files); (3) be careful when giving the skill URL sources to collect_sources.py — it can fetch remote content you point to; (4) if you need autonomous agent runs, restrict what inputs the agent can provide so it cannot point the pipeline at untrusted scripts or endpoints. Finally, ask the author why 'searxng' is listed as a required skill in metadata since the instructions say the collector will not crawl without explicit sources.
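The guidance above amounts to gating three things before run_pipeline executes anything: the external script paths it will hand to subprocess, the source URLs it will hand to collect_sources, and a first-pass review of the scripts themselves. The following pre-flight check is an added example and is not code from wechat-claw-skill or ClawHub; it assumes only what the report states (scripts are plain Python invoked via subprocess.run with python3, sources may be local files or URLs). The function names, the host and directory allowlists, and the SAMPLE_UPLOADER text are constructed for illustration.

```python
"""Pre-flight gate for a run_pipeline-style entry point (added example).
Not code from wechat-claw-skill or ClawHub; assumes only that caller-supplied
script paths reach subprocess.run and caller-supplied URLs reach
collect_sources. Names, allowlists and SAMPLE_UPLOADER are constructed."""
import ast
import pathlib
from urllib.parse import urlparse

PYTHON = "python3"  # the report lists python3 as the skill's required binary

# Calls that deserve a manual look when reviewing a third-party script.
RISKY_CALLS = {
    "subprocess.run", "subprocess.Popen", "subprocess.call", "os.system",
    "os.popen", "eval", "exec", "requests.get", "requests.post",
    "urllib.request.urlopen", "socket.socket",
}
SECRET_WORDS = ("secret", "token", "password")

# Constructed stand-in for a user-supplied wechat_mp.py; not a real uploader.
SAMPLE_UPLOADER = """\
import os
import subprocess
import requests

APP_SECRET = "placeholder-not-a-real-secret"

def publish(html):
    subprocess.run(["curl", "-d", html, os.environ.get("HOOK", "")])
    return requests.post("https://example.invalid/upload", data=html)
"""

def _dotted_name(node):
    """Turn an ast.Name / ast.Attribute chain into 'a.b.c' (None otherwise)."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def find_risky_calls(source):
    """(line, qualified name) for each RISKY_CALLS hit in Python source."""
    return sorted((n.lineno, _dotted_name(n.func)) for n in ast.walk(ast.parse(source))
                  if isinstance(n, ast.Call) and _dotted_name(n.func) in RISKY_CALLS)

def find_plaintext_secrets(source):
    """(line, name) for string literals assigned to credential-looking names."""
    hits = []
    for n in ast.walk(ast.parse(source)):
        if not (isinstance(n, ast.Assign) and isinstance(n.value, ast.Constant)
                and isinstance(n.value.value, str)):
            continue
        for t in n.targets:
            if isinstance(t, ast.Name) and any(w in t.id.lower() for w in SECRET_WORDS):
                hits.append((n.lineno, t.id))
    return sorted(hits)

def check_script_path(path, allowed_dir):
    """True only if path resolves (symlinks and '..' included) under allowed_dir."""
    p = pathlib.Path(path).resolve()
    return pathlib.Path(allowed_dir).resolve() in p.parents

def check_source_url(url, allowed_hosts):
    """Accept only https URLs on allowlisted hosts: no http:, file: or arbitrary hosts."""
    u = urlparse(url)  # .hostname is already lowercased by urlparse
    return u.scheme == "https" and u.hostname in {h.lower() for h in allowed_hosts}

def build_command(script_path, args):
    """argv for subprocess.run(argv, shell=False); nothing is re-parsed by a shell."""
    return [PYTHON, str(script_path), *map(str, args)]

def preflight(scripts, sources, allowed_dir, allowed_hosts,
              read_text=lambda p: pathlib.Path(p).read_text()):
    """Every reason not to run the pipeline; an empty list means the inputs pass."""
    problems = []
    for s in scripts:
        if not check_script_path(s, allowed_dir):
            problems.append(f"script outside {allowed_dir}: {s}")
            continue  # do not even read files outside the allowed directory
        text = read_text(s)
        problems += [f"{s}:{ln} calls {c}; review before trusting"
                     for ln, c in find_risky_calls(text)]
        problems += [f"{s}:{ln} hard-codes {n}; use an env var or secret store"
                     for ln, n in find_plaintext_secrets(text)]
    for src in sources:
        # Local files are left to the skill; only remote fetches are gated here.
        if "://" in src and not check_source_url(src, allowed_hosts):
            problems.append(f"source URL not allowlisted: {src}")
    return problems

if __name__ == "__main__":
    for problem in preflight(["scripts/wechat_mp.py", "scripts/../../evil.py"],
                             ["https://mp.weixin.qq.com/s/abc", "http://example.invalid/x"],
                             "scripts", {"mp.weixin.qq.com"},
                             read_text=lambda _p: SAMPLE_UPLOADER):
        print(problem)
```

The argv list with shell=False is what keeps a crafted article title or path from becoming a shell command, and the https-plus-host allowlist is what stops an agent from pointing collect_sources at an internal endpoint or a file: URL. The ast scan is a review aid, not a sandbox: a script that builds its call names dynamically or reads its secret from a sidecar file will pass it, so it narrows the manual review rather than replacing it.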
Review Dimensions
- Purpose & Capability
- ok · Name/description (WeChat MP article writing + publish) align with the code and scripts: rendering, validation, image planning, source collection, and a pipeline to call image-generation and WeChat upload scripts. Required binary (python3) is appropriate. Declared required OpenClaw skills (nanobanana-pro-fallback and wechat-mp) match expected optional pipeline hooks.
- Instruction Scope
- note · SKILL.md and scripts keep scope to article production. The pipeline explicitly calls user-provided external scripts for image generation and WeChat upload/publish via subprocess.run; collect_sources supports local files and URLs. This is expected for a pipeline but means the skill will execute arbitrary code you point it at and may fetch user-specified URLs — review any external scripts and supplied source URLs before running.
- Install Mechanism
- ok · There is no install spec (instruction-only from platform perspective) and scripts live in the repo; nothing is downloaded at install time. This is the lowest-risk install pattern for this type of tool.
- Credentials
- note · The skill does not request environment variables or credentials itself. However, publishing requires you to pass a wechat_mp script path (wechat_script) that will likely require WeChat credentials (not managed by this skill). That delegation is proportional but means credential handling is offloaded to the external script you provide — verify how that script stores/uses secrets. The SKILL.md metadata also lists 'searxng' as a required skill; the runtime docs emphasize not to fetch sources automatically, so the searxng dependency is not clearly justified.
- Persistence & Privilege
- ok · always:false and default autonomous invocation are used (normal). The skill does not request persistent system-wide privileges or modify other skills; it writes artifacts under the provided output directory and operates on files the user supplies.
