wechat-style-publisher
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: wechat-style-publisher
Version: 1.0.0
The skill bundle provides a legitimate set of tools for formatting and publishing articles to WeChat Official Accounts. It includes Node.js and Python scripts for applying CSS themes, extracting templates from existing articles (via URL or local file), and managing multi-account publishing workflows. While the scripts handle sensitive WeChat API credentials (appId/appSecret) and perform network requests, these actions are necessary for the stated functionality and are directed to the official WeChat API endpoints. No evidence of data exfiltration, malicious execution, or prompt injection was found across the codebase (e.g., scripts/publish-node.mjs, scripts/import-template-python.py).
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If article or imported template HTML contains an unexpected local path, the skill could read and upload a local file to the WeChat material API while publishing.
The publish flow scans generated HTML for local img src values and uploads them to WeChat. The code does not restrict paths to a safe content directory, reject absolute paths, or require per-file confirmation.
const imagePath = path.isAbsolute(src) ? src : path.resolve(baseDir, src);
const uploaded = await uploadImage(config, accessToken, imagePath, false);
Only use trusted article/template HTML, review all image paths before publishing, and update the skill to reject absolute paths or '..' traversal and ask for confirmation before uploading files.
Anyone who can read the config file or token cache may be able to act on the configured WeChat accounts until the token expires or credentials are rotated.
The skill uses WeChat account app secrets to obtain access tokens and persists those tokens in a local cache. This is expected for WeChat publishing, but it is sensitive account authority.
secret: account.appSecret
...
await fs.writeFile(cacheFile, JSON.stringify({ access_token: result.access_token, expires_at: expiresAt }, null, 2), "utf8");
Keep config and .tokens files out of shared folders and version control, restrict file permissions, and use dedicated WeChat credentials with the minimum needed permissions.
A saved template may carry unwanted HTML, links, images, or styling into future WeChat drafts.
Imported article HTML, CSS, and analysis are stored persistently as reusable template variables. This is a stated feature, but content imported from URLs or untrusted files can be reused later.
registry.templates[templateName] = {
name: templateName,
importedAt: new Date().toISOString(),
source: analysis.source,
introHtml,
outroHtml,
customCss: styleOutput,
...
analysis
};
Review and sanitize imported templates before saving or reusing them, especially templates imported from external URLs.
Installing dependencies later could resolve to newer package versions than the author tested.
The skill includes executable Node.js scripts and depends on external npm packages with semver ranges. That is normal for this functionality, but dependency versions are not fully pinned.
"dependencies": {
"highlight.js": "^11.11.1",
"juice": "^11.0.3"
}
Install in an isolated environment, use lockfiles or pinned versions where possible, and review dependency provenance.
