ClawHub

wechat mp draft

v1.0.0

代写微信公众号文章并保存到公众号草稿箱。使用场景:用户需要撰写公众号文章并直接发布到微信公众号后台草稿箱。触发词:"写公众号文章"、"保存到公众号草稿"、"微信文章"、"公众号发文"。

0· 340·0 current·0 all-time
by@xinian5216
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (save article to WeChat public account draft) align with included scripts and docs. The scripts only call official api.weixin.qq.com endpoints and require the expected AppID/AppSecret and an IP whitelist.
Instruction Scope
SKILL.md and scripts stay within the advertised scope: get access token, upload image (permanent material), and call the draft add API. They reference a config.sh for credentials and check for required local tools (curl, jq, file). No unrelated files, endpoints, or broad data-collection steps are present.
Install Mechanism
No install spec and no remote downloads. The skill is instruction-only plus local shell scripts — low installation risk. Running scripts writes nothing beyond standard temporary data and makes network calls only to WeChat endpoints.
Credentials
The manifest lists no required env vars, but the SKILL.md and scripts require AppID/AppSecret provided via a local config.sh; this is proportionate to the task. Note: credentials are expected to be stored in a local file (config.sh) rather than declared environment variables in the registry metadata.
Persistence & Privilege
Skill does not request permanent presence (always:false) and does not modify other skills or system-wide settings. It runs as invoked and requires the user to run the supplied scripts.
Assessment
This skill appears coherent and implements exactly what it claims: it needs your WeChat AppID and AppSecret (put into a local config.sh as instructed), the server IP must be added to the WeChat IP whitelist, and you must have basic tools (curl, jq, file). Before using: (1) keep config.sh private and add it to .gitignore, (2) review the scripts yourself and run them in a safe environment, (3) ensure you trust the source before supplying real credentials, and (4) install jq if missing. The only minor inconsistency is that the registry metadata didn't declare required credentials — the skill expects them in a local config file instead of environment variables.

Like a lobster shell, security has layers — review code before you run it.

latestvk977q77ay4ga80dtdjc59r0qp582sn8t

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments