Wechat Article Search

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing a global npm package changes the user's Node environment and depends on npm package provenance.

Why it was flagged

The skill relies on an unpinned npm dependency and suggests global installation, while the registry metadata does not declare required binaries or an install spec.

Skill content
This script depends on the NodeJS package `cheerio`; it is recommended to first install it globally or install it in your project:

```bash
npm install -g cheerio
```
Recommendation

Prefer a local project install, pin the dependency version when possible, and install only from the official npm registry.

What this means

The user's network/IP may be used for scraping-like activity, which could run into site rate limits, terms-of-use restrictions, or IP blocking.

Why it was flagged

The script intentionally randomizes browser User-Agent headers for its web requests, which is aligned with the scraper/search purpose but is still behavior users should understand.

Skill content
```javascript
// Configurable User-Agent pool (fixed at 20 entries); one is picked at random for each request to avoid a fixed UA
```
Recommendation

Use the skill sparingly, avoid bulk crawling, and follow the target sites' terms and rate limits.

What this means

Search keywords and link-resolution activity may be visible to external services.

Why it was flagged

The script sends requests to external Sogou/Weixin endpoints to perform searches and resolve article links.

Skill content
```javascript
  'Host': 'weixin.sogou.com',
  'Referer': 'https://weixin.sogou.com/'
```
Recommendation

Avoid using confidential or sensitive search terms, and be aware that resolving real URLs may generate additional external requests.