← Back to Skills Marketplace
lcwatergm-afk

微信文章读取

by lcwatergm-afk · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
92
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install weixin-article-read
Description
读取微信公众平台文章内容(mp.weixin.qq.com)。当用户发送微信文章链接、需要读取微信文章内容、提取公众号文章时自动激活。支持突破微信反爬限制,获取完整文章文本。
Usage Guidance
This skill appears to do what it claims (fetch and parse WeChat article pages), but review these before installing: - Functional gaps: The script uses curl and beautifulsoup4 but the skill metadata does not declare curl as a required binary and the README suggests installing beautifulsoup4; ensure curl is available and pip-install the dependency before use. - Shell-injection risk: The script builds a curl command string including the user-provided URL and calls subprocess.run(..., shell=True). If a maliciously crafted URL is passed, it could execute arbitrary shell commands. Prefer a version that uses the requests library or subprocess.run([...], shell=False) with proper URL validation. - Legal/ethical: The skill explicitly aims to 'bypass anti-scraping' protections; check terms of service and legal constraints for scraping mp.weixin.qq.com and respect rate limits. - Hardening suggestions: Ask the author to (1) declare curl in required binaries, (2) replace shell-based curl calls with requests or a safe subprocess invocation, (3) validate/sanitize input URLs, and (4) optionally add timeout/error handling and user-agent comments in metadata. If you cannot vet the author or run the skill in a sandboxed environment, treat the shell-injection risk as a blocker for use with untrusted inputs.
Capability Analysis
Type: OpenClaw Skill Name: weixin-article-read Version: 1.0.0 The skill contains a critical shell injection vulnerability in `scripts/read_weixin_article.py`. The script uses `subprocess.run(shell=True)` to execute a `curl` command where the user-provided URL is directly interpolated into the command string without sanitization. While the script's logic is consistent with its stated purpose of fetching WeChat articles, this flaw allows for arbitrary command execution if a crafted URL is provided.
Capability Assessment
Purpose & Capability
The name/description, SKILL.md, and the included script all align: they fetch WeChat public-article pages and parse the content. However, the metadata declares no required binaries even though the script uses curl and requires beautifulsoup4; the omission is an inconsistency that should be corrected.
Instruction Scope
Runtime instructions tell the agent to run the included Python script with a user-supplied URL. The script constructs a shell command that embeds the URL and runs curl via subprocess.run(..., shell=True) without sanitizing the URL, which creates a shell-injection risk if an attacker can supply a malicious URL. Otherwise the instructions stay within the stated purpose (network fetch and HTML parsing).
Install Mechanism
This is an instruction-only skill with a small shipped script and no install spec. Nothing is downloaded at install time. The lack of an install step minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a simple web-scraping/parsing tool.
Persistence & Privilege
The skill is not force-installed (always:false) and uses normal autonomous invocation defaults. It doesn't request elevated persistence or modify other skills.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install weixin-article-read
  3. After installation, invoke the skill by name or use /weixin-article-read
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
首发版本:突破微信反爬限制读取公众号文章
Metadata
Slug weixin-article-read
Version 1.0.0
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 1
Frequently Asked Questions

What is 微信文章读取?

读取微信公众平台文章内容(mp.weixin.qq.com)。当用户发送微信文章链接、需要读取微信文章内容、提取公众号文章时自动激活。支持突破微信反爬限制,获取完整文章文本。 It is an AI Agent Skill for Claude Code / OpenClaw, with 92 downloads so far.

How do I install 微信文章读取?

Run "/install weixin-article-read" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 微信文章读取 free?

Yes, 微信文章读取 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 微信文章读取 support?

微信文章读取 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 微信文章读取?

It is built and maintained by lcwatergm-afk (@lcwatergm-afk); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments