Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wechat publisher

v0.1.1

WeChat Official Account article publishing tool, supporting Markdown conversion, AI-trace removal, and multiple themes

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The code implements a WeChat publisher, Markdown→HTML converter, themes, and optional AI 'humanize' features — which aligns with the name/description. However the registry metadata declares no required env vars or primary credential while the SKILL.md and code expect WeChat AppID/AppSecret and optional AI API keys, an inconsistency that should be corrected.
Instruction Scope
Runtime instructions and code will read configuration from ~/.wechat-publisher/config.yaml and from environment variables (including an OpenClaw .env). The included shell script (scripts/publish.sh) uses 'source ~/.openclaw/.env' which executes arbitrary shell content if present — this is dangerous because it can run arbitrary commands on the host. The humanizer feature will send extracted article text to external AI providers (configurable provider/base_url), so article content and any included sensitive strings could be transmitted to third parties.
Install Mechanism
There is no install spec in the registry, but SKILL.md recommends installing via pip from a GitHub repo (git+https://github.com/yuesf/wechat-publisher.git). Pulling code from a GitHub repo is common but means arbitrary code will be executed on install — the registry should have declared this. The project also contains many Python modules bundled in the skill (so it's not instruction-only).
Credentials
The skill requires sensitive credentials (WECHAT_APP_ID, WECHAT_APP_SECRET) and optionally AI API keys, yet the registry lists no required env vars or primary credential. There's also an env naming inconsistency: pyproject/settings use an env_prefix (WECHAT_PUBLISHER_) but code and SKILL.md expect WECHAT_APP_ID / WECHAT_APP_SECRET and AI_API_KEY / AI_PROVIDER; this mismatch can cause confusion and inadvertent leakage. The skill will also read ~/.openclaw/.env (and the script sources it).
Persistence & Privilege
The skill is not marked 'always', and it doesn't modify other skills. However it writes a config file to ~/.wechat-publisher/config.yaml and reads theme/config files in home dirs (e.g. ~/.multi-writing-skills/themes). The biggest privilege concern is the included publish.sh which 'sources' ~/.openclaw/.env (execution of arbitrary shell content). Combined with network calls, this increases blast radius if .env is untrusted.
What to consider before installing
What to check before installing/using:
- Expect to provide WeChat AppID and AppSecret (and optionally an AI API key). The registry metadata currently omits these; verify/decline if you need explicit declaration.
- Inspect ~/.openclaw/.env before running anything from this project. The bundle includes scripts/publish.sh which 'sources' (~/.openclaw/.env) and will execute any shell code found there — do not run the script if you don't control that file.
- If you plan to use AI 'humanize', confirm the provider/base_url you configure and that you trust the provider: article text will be sent to that external API and may include sensitive content.
- Prefer running this in an isolated environment (container or VM) the first time, or audit the repository locally before pip-installing from the GitHub URL recommended in SKILL.md.
- Ask the publisher/maintainer to: (1) declare required env vars and primary credential in registry metadata, (2) stop 'sourcing' .env files (parse them safely instead), and (3) clarify env variable naming (WECHAT_ vs WECHAT_PUBLISHER_).

If you cannot verify the author or repo, treat the script and automatic execution as risky.

Like a lobster shell, security has layers — review code before you run it.

latestvk97cxfrac1ed5nt8gm1x7c1z8n844k8f

