Back to skill
Skillv1.0.1
ClawScan security
WeChat Draft Publisher · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 12, 2026, 5:12 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- The skill's code, runtime instructions, and required WeChat credentials align with its stated purpose (writing + publishing drafts to a WeChat public account); there are minor gaps to be aware of (optional image API env vars are used but not declared, and image generation sends content to third‑party image services).
- Guidance
- This skill appears to do what it says: generate articles and publish drafts to a WeChat account. Before installing, consider: 1) Protect your WECHAT_APPSECRET (store config.json with tight filesystem permissions or use env vars). 2) If you enable AI images (IMAGE_API_KEY / IMAGE_API_BASE_URL), article text and image prompts plus the image API key will be sent to the third‑party image provider — only enable that if you trust the provider. 3) The skill will download images returned by the image API and write them to a temporary directory; review the code if you need stricter validation. 4) Note that IMAGE_API_* env vars are used by the scripts but not declared in the skill metadata — ensure you know where those keys would be set. 5) Run requirements installation (pip3 install -r requirements.txt) in a controlled environment and inspect config.json (example provided) before populating it. If you want higher assurance, run the scripts locally with test credentials or review network calls/logging in a safe environment.
Review Dimensions
- Purpose & Capability
- okName/description (WeChat draft publishing) match the code and runtime behavior: the skill requires python3 and WeChat appid/appsecret, and contains scripts to generate images, format HTML and call the official WeChat APIs. The declared primary credential (WECHAT_APPID) and required env vars (WECHAT_APPID, WECHAT_APPSECRET) are appropriate.
- Instruction Scope
- noteSKILL.md instructs the agent to run the provided publish.py which performs the full flow (image generation, formatting, uploading, creating a WeChat draft). The SKILL.md explicitly forbids revealing raw config.json contents and provides a safe check command. One mismatch: the runtime scripts optionally read IMAGE_API_KEY / IMAGE_API_BASE_URL / IMAGE_MODEL from env or config.json for AI image generation, but those optional env vars are not listed in the skill's declared requires.env metadata. Also the skill will send article text and image prompts to third-party image APIs when enabled — this is expected for the feature but is additional data flow the user should consider.
- Install Mechanism
- okNo install spec (instruction-only install) and the code is shipped with the skill. It relies only on python3 and common Python libraries (requests, Pillow). No arbitrary remote downloads or extract steps are present in the install metadata.
- Credentials
- noteThe required credentials (WECHAT_APPID, WECHAT_APPSECRET) are proportionate to the stated purpose. However, the code also uses optional image-related env vars (IMAGE_API_KEY, IMAGE_API_BASE_URL, IMAGE_MODEL) which are not listed in requires.env; these are optional but will be read at runtime if present. Users should recognize that an image API key (if provided) and article content/prompts are transmitted to that external image provider.
- Persistence & Privilege
- okThe skill does not request always:true and does not modify other skills or system-wide settings. It runs as-invoked and executes the provided Python scripts; autonomous invocation is allowed by default but not a special privilege here.