公众号自动发布

This skill appears to implement a legitimate WeChat draft publisher, but there are some red flags to consider before installing: - Required credentials missing from registry metadata: The runtime script (scripts.sh) requires WECHAT_APPID and WECHAT_SECRET. The package registry incorrectly lists no required env vars—treat this as a manifest bug. Do not provide credentials until you confirm what the skill actually needs. - Credential handling: The README suggests sourcing a .env from your shell startup. If you follow that, those secrets become environment variables for your whole shell session and could be read by other processes; prefer supplying credentials scoped to the process or using a minimal isolated environment. - Network calls and endpoints: The script calls only official WeChat endpoints (api.weixin.qq.com). Verify those endpoints in your environment and ensure you expect the account that will be used. - DEFAULT_COVER_URL behavior: SKILL.md mentions downloading a default cover to /tmp if DEFAULT_COVER_URL is set, but scripts.sh doesn't implement the download—confirm who performs the download and where DEFAULT_COVER_URL points to (avoid untrusted hosts). - Automation risk: If you enable Cron to auto-run this skill, a misconfigured downstream caller could publish undesired content. Review who can trigger the skill and audit scheduled tasks. Actionable steps before use: 1) Inspect and test scripts.sh locally in a safe account (do not use production AppID/Secret) to confirm behavior. 2) Fix or request corrected registry metadata that lists WECHAT_APPID and WECHAT_SECRET as required. 3) Provide credentials using a secure mechanism (process-scoped env or secrets manager), not by globally sourcing .env in your shell rc. 4) If enabling automation (cron), restrict the triggering source and monitor activity logs in the WeChat backend. If you want, I can suggest a minimal checklist or an example of a safer invocation pattern that avoids adding secrets to your shell startup.