WeChat Official Account Content Extraction Tool
Verdict: Warn. Audited by ClawScan on May 10, 2026.
Overview
The tool largely matches its WeChat article extraction purpose, but it can fetch crafted look-alike URLs and execute JavaScript from downloaded or supplied pages on the local machine.
Review carefully before installing. Do not process untrusted or look-alike links with this skill, avoid raw HTML inputs, and prefer waiting for a version that removes new Function execution and validates hostnames strictly. If you use it anyway, run only a verified local or pinned npm package.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill may contact attacker-controlled sites even though it appears limited to WeChat/Sogou links.
The allow-list checks only whether the URL string contains the WeChat/Sogou pattern, not whether the actual hostname is exactly trusted. A crafted URL such as a look-alike hostname or a URL containing the trusted string in a query could pass and be fetched.
Evidence:
if (!/https?:\/\/mp\.weixin\.qq\.com/.test(normalized) && !/https?:\/\/weixin\.sogou\.com/.test(normalized)) { return getError(2009); }
...
html = await request({ uri: normalized, method: 'GET',
Recommendation: Parse the URL with a standard URL parser, enforce exact allowed hostnames such as mp.weixin.qq.com and weixin.sogou.com, and avoid overriding the Host header.
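As an added illustration (not code from the skill or from ClawScan), the substring-style check quoted above is placed beside a hostname-based version that parses the URL, and both are run over constructed sample links of the kinds this finding describes:

```javascript
// Added example, not the skill's own code: the substring-style allow-list
// quoted in Finding 1, beside a hardened check that parses the URL.
const ALLOWED_HOSTS = new Set(["mp.weixin.qq.com", "weixin.sogou.com"]);

// Weak check, as in the reviewed snippet: passes whenever the trusted
// string appears anywhere in the URL text.
function weakAllow(normalized) {
  return /https?:\/\/mp\.weixin\.qq\.com/.test(normalized) ||
         /https?:\/\/weixin\.sogou\.com/.test(normalized);
}

// Hardened check: parse with the WHATWG URL parser (Node's global URL),
// require http(s), reject credentials in the authority, and compare the
// exact hostname against the allow list.
function strictAllow(input) {
  let url;
  try { url = new URL(input); } catch { return false; }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  if (url.username || url.password) return false;
  return ALLOWED_HOSTS.has(url.hostname.toLowerCase());
}

// Constructed sample inputs: genuine article links plus look-alike forms.
const SAMPLES = [
  "https://mp.weixin.qq.com/s/abc",                       // genuine
  "https://mp.weixin.qq.com.example.net/s/abc",           // look-alike hostname
  "https://example.net/?next=https://mp.weixin.qq.com/s", // trusted string in query
  "https://mp.weixin.qq.com@example.net/s/abc",           // trusted string as userinfo
  "http://weixin.sogou.com/link?url=x",                   // genuine Sogou link
];

// Returns, for each sample, what each check would decide.
function compare(urls = SAMPLES) {
  return urls.map((u) => ({ url: u, weak: weakAllow(u), strict: strictAllow(u) }));
}
```

Only the two genuine links pass the strict check; the weak check accepts all five.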
A crafted page or raw HTML input could run JavaScript in the local Node process instead of merely being parsed for article metadata.
The code selects JavaScript lines from script blocks in the downloaded or supplied HTML and executes them locally with new Function. Other new Function uses in the same file similarly execute page-derived code.
Evidence:
const fn = new Function(`${line}\nreturn ${field};`);
Recommendation: Replace dynamic execution with safe parsing of known metadata patterns or JSON blobs. If script evaluation is unavoidable, run it in a tightly sandboxed environment without access to Node globals, files, processes, or network.
Users may run code from the npm registry that is not clearly tied to the reviewed artifact set.
The recommended command can download and execute an npm package by name. In the supplied metadata, the source is unknown and no homepage is provided, so the npx package provenance is not established by these artifacts.
Evidence:
npx wechat-article-extractor https://mp.weixin.qq.com/s/xxx
Recommendation: Prefer running the reviewed local files, or pin and verify the npm package version and source repository before using npx.
