wechat-publish-pro
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its WeChat publishing purpose, but it asks for high-value WeChat credentials and includes an unsafe shell helper that can execute unintended commands from crafted inputs.
Only install this from a pinned, trusted source. Avoid using scripts/publish.sh until the eval issue is fixed; use the Python CLI directly with explicit --account values. Treat WECHAT_APP_SECRET as sensitive, store it carefully, and review the article, cover image, and account before allowing the agent to publish or upload.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malicious or accidental filename/title could cause arbitrary shell commands to run as the user if this helper script is used.
The script interpolates user-controlled file/title/cover values into a shell command string and runs it through eval, allowing crafted input to change the shell command that executes.
publish_cmd="wechat-publish-pro publish \"$file\""
[[ -n "$title" ]] && publish_cmd="$publish_cmd --title \"$title\""
...
eval $publish_cmd
Remove eval and invoke the CLI using a shell array, for example `cmd=(wechat-publish-pro publish "$file")` and then `cmd+=(--title "$title")`; never execute constructed command strings.
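The contrast between the two invocation styles, as an added example that is not the skill's own scripts/publish.sh: the real CLI is replaced by a stub function named wpp_cli (an assumption, standing in for wechat-publish-pro) that prints each argument it receives on its own line, so the argument count shows what the CLI would actually be told. The safe variant uses POSIX `set --` positional parameters, which is the equivalent of the `cmd=(...)` array recommended above for shells without arrays. The crafted title is constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not the project's publish.sh. wpp_cli is a stub (assumed name)
# standing in for the wechat-publish-pro CLI: it prints one argument per line.
wpp_cli() {
  printf '%s\n' "$@"
}

# Unsafe pattern from the finding: interpolate inputs into a command string
# and hand it to eval. Quotes inside $title are re-parsed by the shell.
unsafe_publish() {
  file=$1
  title=$2
  publish_cmd="wpp_cli publish \"$file\""
  [ -n "$title" ] && publish_cmd="$publish_cmd --title \"$title\""
  eval "$publish_cmd"
}

# Hardened pattern: build an argv list instead of a string. Each input is
# passed through as exactly one argument, however it is spelled.
# (POSIX form of: cmd=(wpp_cli publish "$file"); cmd+=(--title "$title"); "${cmd[@]}")
safe_publish() {
  file=$1
  title=$2
  set -- publish "$file"
  if [ -n "$title" ]; then
    set -- "$@" --title "$title"
  fi
  wpp_cli "$@"
}

# Count how many arguments reached the stub CLI (one per line on stdin).
count_args() {
  n=0
  while IFS= read -r line; do
    n=$((n + 1))
  done
  printf '%s\n' "$n"
}

# Constructed input: a title that closes the quoted --title value and smuggles
# in an extra option. With eval it becomes two more arguments; with argv it
# stays a single literal title.
crafted='Notes" --cover "/tmp/not-the-real-cover'
printf 'eval form passed %s arguments to the CLI\n' "$(unsafe_publish article.md "$crafted" | count_args)"
printf 'argv form passed %s arguments to the CLI\n' "$(safe_publish article.md "$crafted" | count_args)"
```

Running the file prints 6 for the eval form (the injected --cover option is parsed as a real option) and 4 for the argv form, where the fourth argument is the crafted title verbatim; that difference is the whole of the finding.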
A future repository change, force-push, or compromise could change what gets installed without the user noticing.
The install instruction pulls an unpinned GitHub repository instead of a fixed version, commit, or hash; because the registry metadata also declares no source or install spec, users may end up installing code that differs from the reviewed artifact.
pip install git+https://github.com/yuesf/wechat-publish-pro.git
Pin installation to a reviewed package version or commit hash and declare the source/homepage/install spec in registry metadata.
Anyone or any agent process with access to these credentials may be able to call WeChat official account APIs such as uploading media or creating drafts.
The skill requires WeChat official account credentials even though the registry metadata declares no required credentials or environment variables.
export WECHAT_APP_ID=your_wechat_app_id
export WECHAT_APP_SECRET=your_wechat_app_secret
Use a dedicated WeChat app credential where possible, keep the AppSecret out of shell history, rotate it if exposed, and restrict use with WeChat IP allowlisting.
The agent can add draft content and media to the selected WeChat account; mistakes could affect the wrong account or create unwanted drafts.
The skill is intended to create WeChat official account drafts and upload images, which is purpose-aligned but is still account-mutating behavior.
直接发布: 一键发布到微信公众号草稿箱 (Direct publish: one-click publish to the WeChat Official Account draft box)
Review the target file, title, cover image, and `--account` value before publishing; prefer requiring explicit user confirmation for publish/upload actions.
If API mode is enabled, draft article content could leave the local machine and be processed by a third-party service.
The converter contains an optional API mode that can send Markdown article content to an external conversion endpoint, although the default path appears to be local conversion.
MDNICE_API = "https://api.mdnice.com/api/v1/markdown"
...
response = client.post(endpoint, json=payload)
Keep local conversion as the default, clearly disclose API mode to users, and ask before sending unpublished content to external endpoints.
