Wechat Mp Fetch
v1.0.1微信公众号文章抓取技能。当用户发送微信文章链接(mp.weixin.qq.com/s/xxx)并表达"抓取"、"获取"、"保存"、"转成笔记"等意图时自动触发。使用 Playwright 渲染页面并提取文章标题、正文内容和原始 URL。
⭐ 1· 73·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the implementation: the skill uses Playwright to load mp.weixin.qq.com pages and extract title/content. Declared dependencies (playwright, Node.js) are appropriate and necessary for this purpose.
Instruction Scope
SKILL.md and the script limit actions to navigating to the provided URL, waiting for rendering, extracting #js_content and title, and printing JSON. They do not read other files, environment variables, or transmit results elsewhere. Note: loading arbitrary web pages executes their JavaScript and network requests in the headless browser (expected for this task) which may fetch third-party resources; the skill itself does not appear to exfiltrate data.
Install Mechanism
No automatic install spec is provided (instruction-only), but package.json/package-lock declare Playwright as a dependency. Playwright and Chromium will be downloaded via npm when the user runs npm install — this is expected but does involve downloading sizable browser binaries from the npm registry/mirror.
Credentials
The skill requests no environment variables, credentials, or config paths. The code does not attempt to access secrets or unrelated services.
Persistence & Privilege
The skill is user-invocable and not always-enabled. It does not modify other skills or system agent settings and does not persist data to disk in its implementation (aside from Playwright browser cache/install performed by npm).
Assessment
This skill appears to do what it claims, but review these operational cautions before installing: 1) npm install will download Playwright and Chromium binaries from the npm registry (or mirror) — do this in a controlled environment if you have supply-chain concerns. 2) The headless browser will execute the target page's JavaScript and make network requests when rendering; run the skill on untrusted pages in an isolated container or VM to limit risk from malicious web content. 3) The skill does not handle WeChat login credentials; if you make browser cookies available to access gated content you are responsible for their security. If you want extra assurance, inspect package-lock.json and run the script in a sandboxed environment first.Like a lobster shell, security has layers — review code before you run it.
latestvk97cm582358n9ex0085a2q51a5846w6p
License
MIT-0
Free to use, modify, and redistribute. No attribution required.