← Back to Skills Marketplace

"微信公众号草稿上传"

Name: "微信公众号草稿上传"
Author: cnspica

by Sean zheng · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

195

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install wechat-mp-draft-cnspica

Description

将本地 Markdown 文章上传到微信公众号草稿箱。当用户提到"上传文章到公众号"、"发布到微信公众号"、"推送到公众号草稿"等场景时应使用本技能。本技能通过调用微信公众平台 API，自动完成 Markdown 转 HTML、封面图生成/上传、创建草稿等全流程操作。

Usage Guidance

This skill appears to implement the advertised WeChat draft upload flow, but exercise caution before installing/ running it. Key points: - Do not run scripts/run_upload.py as-is. It hard-codes an AppID and AppSecret plus an absolute path; running it would use those embedded credentials. Treat those as accidental secrets. If those credentials are real, they should be revoked/rotated. - Prefer running scripts/upload_draft.py manually and provide your AppID/AppSecret and file paths on the command line as documented in SKILL.md. - Inspect and remove any hard-coded credentials from the repository. Search the repo for other secrets before use. - The scripts contact only expected endpoints: the official WeChat API hosts (api.weixin.qq.com) and a placeholder image host (placehold.co). If you require fully offline operation, provide a local cover image and do not allow network access. - Run in an isolated environment (or sandbox) the first time to confirm behavior and outputs, and review the saved draft_*.html files to verify no unexpected content is included. If you can provide confirmation that the embedded AppID/AppSecret are dummy/test values, confidence would increase; if they are valid, treat this as a credential leak and rotate them immediately.

Capability Analysis

Type: OpenClaw Skill Name: wechat-mp-draft-cnspica Version: 1.0.0 The skill bundle is classified as suspicious primarily due to the inclusion of `scripts/run_upload.py`, which contains hardcoded WeChat credentials (AppID and AppSecret) and specific local file paths, representing a significant security vulnerability and credential leak. This script also utilizes `exec()` to execute local code. While the core logic in `scripts/upload_draft.py` and `scripts/get_draft.py` appears to be a legitimate implementation for managing WeChat Official Account drafts via official APIs (api.weixin.qq.com), the inclusion of sensitive developer artifacts and insecure execution patterns makes the bundle risky for general use.

Capability Assessment

ℹ Purpose & Capability

The code (markdown → HTML, cover generation, upload to WeChat material API, create draft) matches the skill description. However, the repository contains a test runner (scripts/run_upload.py) that hard-codes AppID, AppSecret and an absolute path to a Markdown file — these embedded credentials are not required by the SKILL.md usage examples and are unexpected.

ℹ Instruction Scope

SKILL.md instructs only running scripts/upload_draft.py with CLI-supplied AppID/AppSecret and local file paths (appropriate). The included scripts read local Markdown and cover image files (expected). The presence of scripts/run_upload.py that overrides sys.argv and execs upload_draft.py means a user or automated tooling could accidentally run an upload using embedded credentials — this expands the effective scope if someone runs that file.

✓ Install Mechanism

No install spec is provided (instruction-only style). The skill's code uses only standard Python libraries and optionally Pillow; there is no downloaded archive or third-party installer in the manifest.

⚠ Credentials

The skill does not request environment variables, and the runtime behavior expects AppID/AppSecret provided as CLI args (proportional). However, scripts/run_upload.py contains hard-coded credentials (AppID and AppSecret) and an absolute local path — embedding credentials in shipped code is a secret-leak risk and disproportionate to the stated purpose.

✓ Persistence & Privilege

The skill does not request persistent/automatic inclusion (always:false) and does not modify other skills or system configuration. It only writes local files (HTML drafts) as part of normal operation.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install wechat-mp-draft-cnspica
After installation, invoke the skill by name or use /wechat-mp-draft-cnspica
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.0

- Initial release of wechat-mp-draft skill. - Allows users to upload local Markdown articles to WeChat Official Account draft box, converting Markdown to HTML, uploading/auto-generating a cover image, and creating drafts via WeChat API. - Provides detailed instructions and troubleshooting for setup, usage, parameters, and common errors. - Includes support for optional author and digest fields, automatic cover generation, and Python/Pillow environment checks. - Guides users through adding IP to WeChat whitelist if needed.

Metadata

Slug wechat-mp-draft-cnspica

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is "微信公众号草稿上传"?

将本地 Markdown 文章上传到微信公众号草稿箱。当用户提到"上传文章到公众号"、"发布到微信公众号"、"推送到公众号草稿"等场景时应使用本技能。本技能通过调用微信公众平台 API，自动完成 Markdown 转 HTML、封面图生成/上传、创建草稿等全流程操作。 It is an AI Agent Skill for Claude Code / OpenClaw, with 195 downloads so far.

How do I install "微信公众号草稿上传"?

Run "/install wechat-mp-draft-cnspica" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is "微信公众号草稿上传" free?

Yes, "微信公众号草稿上传" is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does "微信公众号草稿上传" support?

"微信公众号草稿上传" is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created "微信公众号草稿上传"?

It is built and maintained by Sean zheng (@cnspica); the current version is v1.0.0.

More Skills