Skill v0.1.0

ClawScan security

Zhy Wechat Writing · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 15, 2026, 12:57 PM
Verdict
Benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's instructions, required tools, and optional integrations are coherent with a WeChat-article writing pipeline; it is instruction-only and requests no hidden credentials, but some optional steps (publishing, image upload, reusing a Chrome profile) can expose sensitive data via auxiliary skills and should be treated carefully.
Guidance
This skill appears to do what it says (generate WeChat articles, gather sources, optionally add illustrations and save drafts). Before installing/using:
1. Review and separately inspect any auxiliary skills it calls (zhy-article-illustrator, zhy-markdown2wechat, zhy-wechat-publish), because those will likely require API keys/credentials and could upload data to third-party services.
2. Do NOT pass a full personal Chrome profile unless you understand the implications. Prefer creating a minimal dedicated profile, or use an official API/credential-based publish flow.
3. If you enable illustration upload (Qiniu/七牛) or publishing, confirm where images and article HTML will be uploaded and whether credentials are stored; provide least-privilege credentials.
4. Be aware the skill will crawl public web pages (and may attempt SERP scraping as a fallback); make sure you are comfortable with the agent fetching and storing scraped content in the articles/<slug>/ directory.
5. If you need higher assurance, ask for the auxiliary skills' SKILL.md/README files and their required env vars before enabling image upload or automatic draft publishing.
Findings
[no-findings] expected: Regex scanner had no code to analyze because this is an instruction-only skill (SKILL.md + README). No automated findings were produced; review of SKILL.md surfaced the behaviors summarized above.

Review Dimensions

Purpose & Capability
ok · Name and description match what the SKILL.md instructs: multi-source search, evidence collection, draft generation, optional illustration, HTML conversion, and saving to a WeChat draft. Declared tools (WebSearch, webfetch) and optional helper skills (zhy-article-illustrator, zhy-markdown2wechat, zhy-wechat-publish) are consistent with the described functionality.
Instruction Scope
note · Instructions direct the agent to crawl/search many public sources, fetch and parse web pages, write outputs under articles/<slug>/, and optionally call other skills. These actions are within the stated purpose. Two items merit attention: (1) an optional wechat_profile_dir can cause the agent to reuse a browser profile (cookies/session artifacts) for publishing, which exposes local credentials/session state if provided; (2) the skill's fallback scraping behavior (SERP scraping when WebSearch is unavailable) can cause broader, unpredictable network fetches. Both are expected for this use case but require conscious user consent/controls.
Install Mechanism
ok · This skill is instruction-only with no install spec and no code files, so it does not install or write new binaries. That minimizes install-time risk.
Credentials
note · The skill itself declares no required environment variables or credentials, which is proportionate. However, optional flows depend on auxiliary skills that will require credentials (e.g., image upload to Qiniu/七牛, WeChat draft publishing). The SKILL.md references these integrations but does not declare or manage their env vars; users must ensure auxiliary skills' credentials are provided securely and understand what they grant. Supplying a Chrome profile path can expose session cookies and should be done with caution.
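A pre-flight check for guidance point (2) and for the Chrome-profile caution in the Credentials note, added here as an example; it is not code from the scanner or from the reviewed skill. It assumes that wechat_profile_dir points at a single Chrome profile directory (for example .../User Data/Default). The file names it looks for are Chrome's well-known on-disk stores; the reject/review/ok policy and the helper that creates an empty dedicated profile are this example's own choices.

```python
"""Audit a Chrome profile directory before handing it to an agent skill.

Added example, not part of the ClawHub review or the reviewed skill.
Assumption: the path given to the skill is one Chrome profile directory
(e.g. ".../User Data/Default"), so "Local State" lives in its parent.
"""
from pathlib import Path
import tempfile

# Files inside a Chrome profile that carry session state or secrets.
# Chrome moved the cookie store to Network/Cookies in version 96; older
# profiles still keep it at the profile root, so both locations are listed.
SENSITIVE_STORES = {
    "Cookies": "session cookies (pre-Chrome 96 layout)",
    "Network/Cookies": "session cookies (Chrome 96+ layout)",
    "Login Data": "saved passwords",
    "Web Data": "autofill entries and saved payment cards",
    "History": "browsing history",
    "Bookmarks": "bookmarks",
}
# 'Local State' sits one level up in the User Data directory; on Windows it
# holds the DPAPI-wrapped key that decrypts the cookie and password stores.
PARENT_STORES = {"Local State": "OS-wrapped key for the profile's encrypted stores"}
# Stores whose mere presence makes the profile unsafe to hand to an agent.
SECRET_BEARING = {"Cookies", "Network/Cookies", "Login Data", "Web Data", "Local State"}


def audit_profile(profile_dir):
    """Return {relative store path: description} for every sensitive store present."""
    profile_dir = Path(profile_dir)
    found = {}
    for rel, what in SENSITIVE_STORES.items():
        if (profile_dir / rel).is_file():
            found[rel] = what
    for rel, what in PARENT_STORES.items():
        if (profile_dir.parent / rel).is_file():
            found[rel] = what
    return found


def verdict(found):
    """Policy of this example: reject on secrets, review on history-type data, ok if empty."""
    if SECRET_BEARING & found.keys():
        return "reject"
    if found:
        return "review"
    return "ok"


def make_dedicated_profile(parent):
    """Create an empty directory to use as a dedicated profile.

    Chrome populates a fresh directory on first launch, so the only session
    state it will ever hold is whatever the user deliberately logs into there.
    """
    path = Path(parent) / "wechat-agent-profile"
    path.mkdir(parents=True, exist_ok=True)
    return path


def _touch(path):
    """Create an empty placeholder file (constructed sample data for the demo)."""
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(b"")


def demo():
    """Audit a constructed personal-looking profile and a fresh dedicated one."""
    with tempfile.TemporaryDirectory() as tmp:
        user_data = Path(tmp) / "User Data"
        personal = user_data / "Default"
        # Constructed sample: a profile that has been logged into and browsed with.
        for rel in ("Network/Cookies", "Login Data", "History"):
            _touch(personal / rel)
        _touch(user_data / "Local State")
        personal_found = audit_profile(personal)
        dedicated = make_dedicated_profile(tmp)
        dedicated_found = audit_profile(dedicated)
        return (personal_found, verdict(personal_found),
                dedicated_found, verdict(dedicated_found))


if __name__ == "__main__":
    found, v, d_found, d_v = demo()
    print("personal profile:", v, sorted(found))
    print("dedicated profile:", d_v, sorted(d_found))
```

Run it against the real path you intend to pass as wechat_profile_dir; anything other than "ok" means the agent (and the auxiliary publish skill it calls) would get your live WeChat session, saved passwords, or the key that decrypts them. The dedicated-profile helper only creates the directory; log into WeChat there once, by hand, so that is the only session it ever contains.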
Persistence & Privilege
ok · always:false and default model invocation are normal. The skill writes outputs to a workspace (articles/<slug>/...), which is appropriate for its function. It does not request persistent platform-level privileges or attempt to modify other skills' configurations.