微信公众号内容提取工具

The skill contains a significant security vulnerability in `scripts/extract.js`, where it uses `new Function()` to execute JavaScript code extracted directly from the HTML of the target WeChat article. This creates a Remote Code Execution (RCE) risk if the tool is directed to a malicious URL designed to exploit this parsing logic. Additionally, `convert.js` and `run-extract.js` contain hardcoded absolute file paths (e.g., `/Users/canghe/` and `C:/Users/xsl/`), suggesting the bundle was packaged from a local development environment without proper sanitization. While these issues represent poor security practices and high risk, there is no clear evidence of intentional malice or data exfiltration.