Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Wechat Mp Auto
v0.1.2自动完成微信公众号文章的选题调研、Markdown写作、智能配图、内容审核和发布全流程管理。
⭐ 1· 175·0 current·0 all-time
byW.Zhaojin@wzhaojin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (WeChat MP automation) aligns with the included code (token_manager, publish, draft_skill, material_skill, image generation/search, content review). However the registry summary at the top of the bundle claims 'Required env vars: none' and 'Homepage: none' while metadata.json and SKILL.md clearly require WECHAT_APP_ID/WECHAT_APP_SECRET and reference a GitHub homepage — this mismatch is an incoherence in packaging/metadata.
Instruction Scope
SKILL.md limits AI orchestration to calling the provided tools and documents the exact sequence (research → outline → generate Markdown with LLM → review → images → convert → draft). The runtime instructions reference only expected files/paths (~/.config/wechat-mp-auto/config.json, ~/.openclaw/.env, ~/.cache/wechat-mp-auto) and external services needed for the stated purpose (WeChat API, Tavily/DuckDuckGo/Baidu for research, Pexels/Unsplash/AIs for images). I saw no instructions that would cause the agent to read unrelated system files or exfiltrate arbitrary secrets beyond the declared configuration locations.
Install Mechanism
There is no install spec (instruction-only at registry level) but the skill bundle includes many Python files and a publish script. No remote download/install-from-URL behavior was declared. Dependencies are simple (requests, PyYAML) and optional image/AI libs. No high-risk installer steps detected in the provided files.
Credentials
The skill legitimately needs WeChat credentials (WECHAT_APP_ID, WECHAT_APP_SECRET) and optionally image/search/API keys (PEXELS, UNSPLASH, OPENAI, TAVILY) — these are proportional to publishing, research and image generation. The concern is a packaging/metadata inconsistency: the registry summary incorrectly lists 'Required env vars: none' while metadata.json and SKILL.md require WeChat credentials. There are also multiple optional third-party provider keys (image providers and many possible image-gen backends in comments) — verify you only supply keys you trust. Version fields are inconsistent across files (src/_version.py, metadata.json, README, etc.), which suggests sloppy packaging and raises the risk that the published bundle may not match the referenced upstream repository.
Persistence & Privilege
The skill does not request 'always: true' and does not attempt to modify other skills. It stores config and caches under ~/.config/wechat-mp-auto and ~/.cache/wechat-mp-auto and caches tokens (expected for this use case). This is normal for a tool that needs to hold API credentials and temporary artifacts.
What to consider before installing
Summary of what to check before installing:
1) Metadata mismatch: the top-level registry listing said no env vars, but SKILL.md and metadata.json require WECHAT_APP_ID and WECHAT_APP_SECRET (or a config file at ~/.config/wechat-mp-auto/config.json). Do not run the skill without those WeChat credentials in a controlled environment.
2) Verify source and versions: metadata.json lists a GitHub homepage but the registry summary said none and several files contain inconsistent versions (src/_version.py, metadata.json, README, SKILL.md). Prefer installing from a trusted upstream repository and confirm version consistency.
3) Credential scope: the skill legitimately needs your WeChat AppID/Secret and optionally keys for Pexels/Unsplash/Tavily/OpenAI if you enable those features. Only provide API keys you trust and consider creating limited-scope/test accounts where possible.
4) Network behavior: the skill performs outbound requests for research (Tavily/DuckDuckGo/Baidu), image search/download (Pexels/Unsplash), and may call multiple AI image providers (many backends are listed). If you must protect sensitive network contexts, run the skill in an isolated environment or sandbox and ensure your server IP is added to your WeChat IP whitelist as required.
5) Check config files and caches: it will read/write ~/.config/wechat-mp-auto/* and ~/.cache/wechat-mp-auto/* and ~/.openclaw/.env. Inspect these locations after a test run; delete token cache files if you revoke credentials.
6) Run initial tests without real credentials: if possible, run the code in 'check-only' or dry-run modes (publish.py supports --check-only) to observe behavior before granting publish-level credentials.
If you want, I can point out the exact files/lines where the WECHAT credential reads occur and where optional provider lists are defined, or produce a short checklist to safely test this skill in a sandboxed environment.Like a lobster shell, security has layers — review code before you run it.
articlevk970ww3afh61tncpvqwgb29cvx8374mkautomationvk970ww3afh61tncpvqwgb29cvx8374mklatestvk97e1hec3ymx4cy7rxmh0pf24x83g5t0openclawvk970ww3afh61tncpvqwgb29cvx8374mkpublishvk970ww3afh61tncpvqwgb29cvx8374mkwechatvk970ww3afh61tncpvqwgb29cvx8374mkweixinvk970ww3afh61tncpvqwgb29cvx8374mk
License
MIT-0
Free to use, modify, and redistribute. No attribution required.