Back to skill
Skillv1.0.0
ClawScan security
wechat article formatter pro · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 15, 2026, 9:51 AM
- Verdict
- Benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's files and runtime instructions match its stated purpose (formatting WeChat articles to styled HTML) and do not request unrelated credentials or network access.
- Guidance
- This skill appears coherent and focused: it converts drafted Markdown into a themed HTML file using bundled CSS. Before installing/using it: (1) ensure Python 3 and the Python 'markdown' package are available (the skill does not declare this dependency); (2) run it in a directory where writing draft_article.md and creating output_articles/ is acceptable (it may overwrite draft_article.md if present); (3) review the included Python files if you require extra assurance — they perform only local file I/O and HTML generation and make no network calls or credential accesses; (4) for extra safety, run the skill in an isolated/sandbox environment if the input or execution context is untrusted.
Review Dimensions
- Purpose & Capability
- okName/description, SKILL.md workflow, and included Python modules (skill_entry.py and wechat_template_generator.py) all focus on converting a Markdown draft to themed HTML using the bundled CSS themes. Nothing requests unrelated services or credentials.
- Instruction Scope
- noteSKILL.md instructs the agent to produce/overwrite draft_article.md in the current directory and to run `python3 skill_entry.py draft_article.md <theme>`. That is within the stated purpose, but it will write files in the working directory (and create an output_articles/ folder) — users should be aware it may overwrite an existing draft_article.md if present.
- Install Mechanism
- okNo external install or remote downloads; code is included in the bundle. The only runtime dependency is the Python 'markdown' package which is not declared in metadata — there is no high-risk install step or external URL fetch.
- Credentials
- okThe skill requests no environment variables, credentials, or config paths. The code performs only local file reads/writes and local Markdown-to-HTML conversion, matching the purpose.
- Persistence & Privilege
- okalways is false and the skill does not attempt to modify other skills or global agent settings. It only writes generated HTML to output_articles/ in the current workspace.