critical
suspicious.env_credential_access
- Location
- scripts/publish.mjs:19
- Finding
- Environment variable access combined with network send.
WeChat MP Multi-Publisher
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
Detected: suspicious.env_credential_access, suspicious.potential_exfiltration
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
NoteHigh Confidence
ASI03: Identity and Privilege AbuseWhat this means
Anyone running the skill with these credentials can create drafts and, with the publish option, potentially publish through the connected WeChat account.
Why it was flagged
The script reads WeChat app credentials from environment variables or a local credentials file to authenticate to the WeChat MP account.
Skill content
const appId = process.env.WECHAT_APP_ID; const appSecret = process.env.WECHAT_APP_SECRET; ... fs.readFileSync(CREDENTIALS_PATH, "utf-8")
Recommendation
Use dedicated WeChat MP credentials where possible, restrict file permissions on the credentials file, and only provide credentials on systems where you trust the agent and script.
NoteHigh Confidence
ASI02: Tool Misuse and ExploitationWhat this means
Accidental or overly broad use of these flags could publish content publicly instead of only creating a draft.
Why it was flagged
The CLI exposes options that can move beyond draft creation and publish content to the WeChat account.
Skill content
--publish Also trigger freepublish after draft creation --media-id=xxx Publish an existing draft by media_id
Recommendation
Use dry-run or draft-only mode first, and require explicit user confirmation before using --publish or --media-id.
NoteHigh Confidence
ASI07: Insecure Inter-Agent CommunicationWhat this means
Private or unintended local images referenced by the Markdown could be uploaded to WeChat if included in the article.
Why it was flagged
Selected local article images are uploaded to WeChat as part of the publishing workflow.
Skill content
**Inline images** — local PNG/JPG auto-uploaded to WeChat CDN
Recommendation
Review Markdown image references before publishing and avoid including private local files unless they are intended for WeChat.
NoteHigh Confidence
ASI04: Agentic Supply Chain VulnerabilitiesWhat this means
The exact dependency version installed may vary over time, so users rely on the current npm package state.
Why it was flagged
The required npm dependency is installed without a pinned version or lockfile in the provided artifacts.
Skill content
npm install @wenyan-md/core
Recommendation
Pin the dependency version, review the package source, and install in a controlled project environment.
NoteHigh Confidence
ASI10: Rogue AgentsWhat this means
If the user installs this cron job, the script can continue creating WeChat drafts on a schedule without further prompts.
Why it was flagged
The setup guide includes a cron example for recurring automated draft pushes.
Skill content
0 22 * * * cd /your/project && node publish.mjs articles/deep.md articles/news.md >> /var/log/wechat-push.log 2>&1
Recommendation
Only add scheduled jobs intentionally, keep them draft-only unless public publishing is intended, and periodically review or remove the cron entry.
Findings (2)
warn
suspicious.potential_exfiltration
- Location
- scripts/publish.mjs:92
- Finding
- Sensitive-looking file read is paired with a network send.