WeChat MP Multi-Publisher

Security checks across static analysis, malware telemetry, and agentic risk

Overview

The skill appears purpose-aligned for publishing selected Markdown to WeChat, but it uses WeChat account credentials, uploads content/assets, and can optionally publish publicly.

Install this only if you want the agent to use WeChat MP credentials to create drafts or publish content. Protect the credentials file, test with --dry-run or draft-only mode, require explicit approval before public publishing or cron automation, and consider pinning/reviewing the npm dependency.

Static analysis

Env credential access

Critical
Finding
Environment variable access combined with network send.

Potential exfiltration

Warn
Finding
Sensitive-looking file read is paired with a network send.

VirusTotal

66/66 vendors flagged this skill as clean.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone running the skill with these credentials can create drafts and, with the publish option, potentially publish through the connected WeChat account.

Why it was flagged

The script reads WeChat app credentials from environment variables or a local credentials file to authenticate to the WeChat MP account.

Skill content
const appId = process.env.WECHAT_APP_ID;
const appSecret = process.env.WECHAT_APP_SECRET;
...
fs.readFileSync(CREDENTIALS_PATH, "utf-8")
Recommendation

Use dedicated WeChat MP credentials where possible, restrict file permissions on the credentials file, and only provide credentials on systems where you trust the agent and script.

ASI02: Tool Misuse and Exploitation
Medium
What this means

Accidental or overly broad use of these flags could publish content publicly instead of only creating a draft.

Why it was flagged

The CLI exposes options that can move beyond draft creation and publish content to the WeChat account.

Skill content
  --publish        Also trigger freepublish after draft creation
  --media-id=xxx   Publish an existing draft by media_id
Recommendation

Use dry-run or draft-only mode first, and require explicit user confirmation before using --publish or --media-id.

ASI07: Insecure Inter-Agent Communication
Low
What this means

Private or unintended local images referenced by the Markdown could be uploaded to WeChat if included in the article.

Why it was flagged

Selected local article images are uploaded to WeChat as part of the publishing workflow.

Skill content
**Inline images** — local PNG/JPG auto-uploaded to WeChat CDN
Recommendation

Review Markdown image references before publishing and avoid including private local files unless they are intended for WeChat.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Because no version is pinned, the dependency version actually installed can change over time, so users depend on whatever the npm package state is at install time.

Why it was flagged

The required npm dependency is installed without a pinned version or lockfile in the provided artifacts.

Skill content
npm install @wenyan-md/core
Recommendation

Pin the dependency version, review the package source, and install in a controlled project environment.

ASI10: Rogue Agents
Low
What this means

If the user installs this cron job, the script can continue creating WeChat drafts on a schedule without further prompts.

Why it was flagged

The setup guide includes a cron example for recurring automated draft pushes.

Skill content
0 22 * * * cd /your/project && node publish.mjs articles/deep.md articles/news.md >> /var/log/wechat-push.log 2>&1
Recommendation

Only add scheduled jobs intentionally, keep them draft-only unless public publishing is intended, and periodically review or remove the cron entry.