Zhy Wechat Publish

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill largely matches its WeChat draft-publishing purpose, but it under-scopes credential handling and can run an external cover-generation helper that is not included in the reviewed files.

Review before installing. If you use it, create a dedicated skill-local .env containing only the WeChat and image-provider keys needed, avoid running it from projects with unrelated secrets, and separately review the zhy-article-illustrator helper before using automatic cover generation.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If run from a project with other secrets in .env, the skill may gain access to more credentials than are needed for WeChat draft publishing.

Why it was flagged

The loader imports every variable from several .env locations, not just WECHAT_* or declared image-provider keys. This can pull unrelated project secrets into the skill process and its child processes.

Skill content

const candidates = [path.resolve(skillDir, '.env'), path.resolve(process.cwd(), '.env'), path.resolve(skillDir, '..', '..', '..', '.env')]; ... process.env[key] = value;
Recommendation

Use a skill-local .env with only the required WeChat/image variables, declare required credentials in metadata, and restrict the loader to an allowlist of expected keys.

What this means

Using automatic cover generation may execute unreviewed local code with access to the skill's environment variables.

Why it was flagged

The automatic cover path runs a sibling helper script that is not included in the reviewed file manifest, creating a provenance gap for code that receives article-derived prompts and the inherited environment.

Skill content

return path.resolve(__dirname, '..', '..', 'zhy-article-illustrator', 'scripts', 'image-gen.ts'); ... runCommand('bun', [imageGenScript, '--prompt', prompt, '--output', coverPath, '--ar', aspectRatio], ...)
Recommendation

Review the zhy-article-illustrator helper, or include it in the skill and pin its version, and pass a minimal environment to child processes instead of the full process.env.

What this means

A mistaken invocation could create unwanted drafts or upload images to the account's material library, although the README states that the skill does not perform final publication of articles.

Why it was flagged

The script uses the WeChat API to create official-account drafts, which is the stated purpose but still changes account state.

Skill content

const url = `https://api.weixin.qq.com/cgi-bin/draft/add?access_token=${token}`;
Recommendation

Confirm the target account, title, HTML file, and images before running, and review the draft in WeChat before publishing.

What this means

Running the automatic workflow executes local Node/Bun scripts on your machine.

Why it was flagged

The skill executes local commands as part of its documented workflow. Passing shell: false reduces shell-injection risk, but the skill still runs local code on your machine.

Skill content

const result = spawnSync(command, args, { cwd: options.cwd || process.cwd(), encoding: 'utf8', env: options.env || process.env, shell: false });
Recommendation

Run this only from a trusted installation and avoid using the automatic cover path unless you also trust the referenced helper script.