wechat article publisher
v1.0.0从 Markdown 文件或网页链接提取文章并发布到微信公众号。适用于需要“自动创建草稿/提交发布”、统一微信样式(standard/viral)和批量复用发布流程的场景。
⭐ 2· 1.9k·16 current·16 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description match the included code and SKILL.md: the script extracts content from Markdown or web pages, renders HTML, and calls WeChat API endpoints (token, draft, material, freepublish). Required inputs are a local config.json with wechat.app_id and wechat.app_secret — appropriate for the stated purpose.
Instruction Scope
SKILL.md instructions are narrowly scoped to preparing config.json, installing dependencies, previewing (--dry-run), creating drafts and optionally publishing. The agent/script will read the provided Markdown file, web URL content, and the local config.json; there are no instructions to read unrelated system files or export arbitrary data.
Install Mechanism
No install spec in the registry; the script provides an --install that runs pip install -r scripts/requirements.txt. This installs third-party Python packages (requests, BeautifulSoup, markdown, pyyaml, Pillow) from PyPI — expected but worth noting because pip installation executes code from external packages and writes to the environment.
Credentials
The skill does not request platform env vars or unrelated credentials. It requires the WeChat app_id and app_secret placed in config.json (local file). Storing the app_secret in plaintext in a local file is functional but has security implications — a secret manager or environment variables might be preferable.
Persistence & Privilege
Skill is not forced-always, does not request platform-level privileges, and does not modify other skills. It runs as an on-demand script; autonomous invocation is enabled by default but is not combined with unusual credential access here.
Assessment
This skill appears to do what it says, but review these points before installing: 1) The script asks you to put your WeChat app_id and app_secret into config.json — consider storing secrets in a secure store rather than a plain file. 2) The --install command runs pip install on bundled requirements (requests, BeautifulSoup, markdown, pyyaml, Pillow); installing packages from PyPI will execute third-party code — prefer a controlled virtualenv. 3) Use --dry-run first to verify rendered output and avoid accidental publishes; the script will fetch arbitrary URLs and call WeChat APIs, so only run it in an environment you trust. 4) If you need higher assurance, review the remainder of scripts/publish_wechat.py (the network calls and upload flow) or run it in an isolated container.Like a lobster shell, security has layers — review code before you run it.
latestvk977w3nrd5mps666rk6en227gd82m3pp
License
MIT-0
Free to use, modify, and redistribute. No attribution required.