Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Official Account Content Extraction Tool (微信公众号内容提取工具)

v1.0.0

Extract metadata and content from WeChat Official Account articles. Use when user needs to parse WeChat article URLs (mp.weixin.qq.com), extract article info...

by 雨飞 (@xls1994)
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal
Suspicious
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The name/description and the main scripts (scripts/extract.js, bin/wechat-extract.js) match the stated purpose (fetch and parse mp.weixin.qq.com pages). However there are additional files (convert.js, run-extract.js) that read/write absolute user-specific filesystem paths and embed a concrete example URL; those files are not necessary for the core scraping capability and are unexpected.
Instruction Scope
SKILL.md and the CLI instruct only network fetch + parsing. But repository files reference local filesystem paths (e.g. convert.js reads /Users/canghe/.../tool-results/b97eb13.txt and writes to /Users/canghe/Downloads/..., run-extract.js writes to C:/Users/xsl/...), which are outside the stated scope and would access user data if executed. Also scripts/extract.js uses new Function to execute code snippets extracted from page <script> tags — this executes untrusted JS scraped from webpages.
Install Mechanism
No install spec is provided (instruction-only from platform perspective). Dependencies are standard npm libs declared in package.json (cheerio, request-promise, etc.). There is no external download or obscure installer.
Credentials
The skill does not request environment variables or credentials, which is appropriate. But the presence of hardcoded absolute paths and sample-run files that access user home directories is disproportionate to a simple extractor and could read or overwrite local files if those helper scripts are run.
Persistence & Privilege
The skill is not always-enabled and doesn't request special platform privileges. It writes output files when used (expected for a CLI tool). The concern is file writes to unexpected, hardcoded locations in some scripts rather than a generic current-directory output.
Scan Findings in Context
[use_of_new_Function_dynamic_code_execution] unexpected: scripts/extract.js constructs and runs new Function(...) on JavaScript extracted from page <script> tags to recover variables. This is sometimes used to parse embedded script data but effectively executes untrusted code from remote pages and is high-risk unless carefully sandboxed or strictly validated.
[hardcoded_user_paths] unexpected: convert.js and run-extract.js contain absolute paths pointing to specific user home directories (/Users/canghe/... and C:/Users/xsl/...). These are not required by the documented CLI usage and could read or overwrite user files if executed.
[http_request_to_target_hosts] expected: scripts/extract.js performs HTTP GET requests to mp.weixin.qq.com and weixin.sogou.com using request-promise — this is expected for a web scraper.
What to consider before installing
This skill mostly matches its description (it fetches and parses WeChat article pages), but take these precautions before installing or running it:
- Inspect or remove helper scripts: do not run convert.js or run-extract.js unmodified — they contain hardcoded absolute paths that will read/write files in specific user home directories. Those files look like developer convenience scripts and are not needed for normal CLI usage.
- Beware dynamic execution: scripts/extract.js uses new Function(...) to evaluate JavaScript taken from page <script> blocks. That can execute arbitrary code from the scraped page. Only run this tool on unprivileged hosts or inside a sandbox/container, and avoid feeding it URLs from untrusted sources.
- Run in an isolated environment (VM, container) and avoid running as an administrator/root user. Review which files will be written and consider changing output paths to a safe directory.
- If you need higher assurance, ask the maintainer whether the new Function usage is strictly limited to parsing static assignment expressions (and for a code comment or test showing sanitization), and request removal or disabling of developer scripts with hardcoded paths.
Given these issues, treat the skill as suspicious rather than outright malicious; it may be benign developer leftovers, but it includes risky behaviors you should address before use.
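The following is an added illustration, not code from this skill or its author, of why the new Function(...) finding matters and what "limited to parsing static assignment expressions" looks like in practice. The inline script text, the variable names (msg_title, msg_desc, msg_link) and the side-effect line are constructed for the example and are not claims about the real layout of mp.weixin.qq.com pages. The first extractor compiles and runs the page's script to read back one variable, so every other statement in it runs too; the second recovers the same values by matching a quoted literal and decoding its escapes without ever executing page code.

```javascript
'use strict';

// Constructed sample of the kind of inline <script> a scraper might pull out
// of a fetched page (not a real WeChat page). The last statement stands in for
// attacker-controlled code that a page author could embed.
const SAMPLE_SCRIPT = `
  var msg_title = 'Quarterly update \\'2024\\'';
  var msg_desc = "Line one\\nCaf\\u00e9 \\"menu\\"";
  var msg_link = "https://mp.weixin.qq.com/s/EXAMPLE";
  globalThis.sideEffectCount = (globalThis.sideEffectCount || 0) + 1;
`;

// The risky pattern the scan flagged: the page's script text is compiled and
// executed just to read back one variable. Every other statement runs as well,
// with the scraper's own privileges.
function extractVarUnsafe(scriptText, name) {
  return new Function(scriptText + '\n return ' + name + ';')();
}

const IDENT = /^[A-Za-z_$][\w$]*$/;

// Decode the body of a JavaScript string literal without evaluating it.
// Handles \n-style, \xHH and \uHHHH escapes; any other escaped character is
// kept as that character.
function decodeJsStringBody(body) {
  const simple = { n: '\n', r: '\r', t: '\t', b: '\b', f: '\f', v: '\v', '0': '\0' };
  return body.replace(/\\(u[0-9a-fA-F]{4}|x[0-9a-fA-F]{2}|[\s\S])/g, (_, esc) => {
    if (esc[0] === 'u' || esc[0] === 'x') return String.fromCharCode(parseInt(esc.slice(1), 16));
    if (esc in simple) return simple[esc];
    return esc;
  });
}

// Parse-only alternative: read `var NAME = "<literal>";` (or single-quoted)
// by pattern matching. Only a bare quoted literal is accepted; a function
// call, concatenation or template string yields null instead of being run.
function extractStringVar(scriptText, name) {
  if (!IDENT.test(name)) throw new TypeError('not an identifier: ' + name);
  const safeName = name.replace(/\$/g, () => '\\$');
  const re = new RegExp(
    '(?:var|let|const)\\s+' + safeName + '\\s*=\\s*' +
    '(?:"((?:[^"\\\\]|\\\\[\\s\\S])*)"|\'((?:[^\'\\\\]|\\\\[\\s\\S])*)\')\\s*;'
  );
  const m = re.exec(scriptText);
  if (!m) return null;
  return decodeJsStringBody(m[1] !== undefined ? m[1] : m[2]);
}

// Stand-alone demonstration: the parse-only reader recovers the fields without
// running the page's code; the new Function reader gets the same title but
// also executes the side-effect line.
function demo() {
  const before = globalThis.sideEffectCount || 0;
  const safe = {
    title: extractStringVar(SAMPLE_SCRIPT, 'msg_title'),
    desc: extractStringVar(SAMPLE_SCRIPT, 'msg_desc'),
    link: extractStringVar(SAMPLE_SCRIPT, 'msg_link'),
    sideEffectsRun: (globalThis.sideEffectCount || 0) - before,
  };
  const unsafeTitle = extractVarUnsafe(SAMPLE_SCRIPT, 'msg_title');
  return {
    safe,
    unsafeTitle,
    sideEffectsRunByUnsafe: (globalThis.sideEffectCount || 0) - before,
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The parse-only reader deliberately fails closed: when a page wraps a value in a call or concatenation it returns null rather than falling back to execution, which is the behaviour to ask the maintainer for. If execution really is unavoidable, Node's vm module is not a security boundary; the isolation has to come from a separate unprivileged process or container, as the precautions above recommend.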
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
scripts/extract.js:206
Dynamic code execution detected.
