← Back to Skills Marketplace
sipingme

Wechat Md Publisher Skill

by PING SI · GitHub ↗ · v1.0.10 · MIT-0
cross-platform ✓ Security Clean
867
Downloads
0
Stars
2
Active Installs
76
Versions
Install in OpenClaw
/install wechat-md-publisher-skill
Description
发布 Markdown 文章到微信公众号,支持草稿管理、多主题、智能图片处理、自动封面图。推荐与 news-to-markdown-skill 配合使用实现一键转载(支持本地图片)。
Usage Guidance
这看起来是一个功能一致的微信公众号发布 Skill,但在使用前请采取以下步骤: - 在同意安装并全局安装 wechat-md-publisher 之前,审计上游仓库中的关键文件,尤其是 src/services/account.ts(查看加密算法、密钥派生、文件权限和是否使用 AEAD 模式)。 - 使用环境变量传递 AppSecret,避免在命令行或日志中泄露。若不能审计包或不信任它,请先在隔离环境(专用 VM/容器/沙箱账号)中测试并使用测试公众号。 - 为满足微信 IP 白名单要求,应优先在固定公网 IP(推荐云服务器)上运行,避免在频繁变动的家庭网络上直接存放生产凭证。 - 谨慎使用 theme add-remote:远程主题端点可能接收文章正文/元数据,只对完全信任的第三方开启该功能。 - 定期检查 ~/.config/wechat-md-publisher-nodejs/ 的文件权限,必要时在发现凭证疑似泄露后立即在微信公众平台重置 AppSecret。 总体来说,技能本身并不表现出恶意或不相称的请求,但其安全性高度依赖于上游 npm 包实现与用户的部署环境。
Capability Analysis
Type: OpenClaw Skill Name: wechat-md-publisher-skill Version: 1.0.10 The wechat-md-publisher-skill is a well-documented tool for managing WeChat Official Account content. It employs a security-conscious execution model in `scripts/run.js` that uses in-process dynamic imports of a globally installed package instead of risky sub-process calls or `npx`. The skill includes robust input validation (regex for themes, length limits, and option-injection guards) and provides explicit instructions for users to audit the upstream repository (sipingme/wechat-md-publisher). All requested permissions and network access (api.weixin.qq.com) are strictly aligned with its stated purpose.
Capability Assessment
Purpose & Capability
Skill 声明的目标(将 Markdown 发布到微信公众号、处理本地图片、草稿和主题)与包含的文件和运行逻辑一致。请求访问本地 Markdown/图片 与 写入 ~/.config/wechat-md-publisher-nodejs/ 以及可选的 WECHAT_APP_ID/WECHAT_APP_SECRET 均合理匹配功能。
Instruction Scope
SKILL.md 和脚本限定了行为(要求显式全局安装、需固定公网 IP、可选远程主题会向第三方端点发送内容)。run.js 自身不会 spawn 子进程或做网络调用,它只是验证并导入本机已安装的 wechat-md-publisher。但 upstream 包 将实际读取 Markdown/图片并与微信 API 通信——SKILL.md 明确指出应审计上游 account.ts,以验证凭证加密逻辑。远程主题(theme add-remote)可能会将文章正文发送给第三方,已在文档中以警告形式暴露。
Install Mechanism
安装指定为从 npm registry 全局安装 wechat-md-publisher(npm install -g ...),并且技能不会自动安装/自动更新,这降低了运行时供应链风险。但 npm 是中等级别的信任面:应在安装前审计 upstream 源码与发布包。没有使用不明 URL 或提取远程归档,且 launcher 依赖全球 node_modules 解析。
Credentials
仅声明了可选的 WECHAT_APP_ID/WECHAT_APP_SECRET,且文档把它们标为敏感并建议用环境变量传递,这与功能相称。需要注意:凭证会由上游 npm 包存储到 ~/.config/wechat-md-publisher-nodejs/(声称使用 AES-256),但技能本身不实现加密——因此凭证安全性取决于该 npm 包的实现,需审计 src/services/account.ts 或在受控环境中使用。
Persistence & Privilege
没有设置 always:true。技能不会修改其他技能配置或请求系统范围特权。它会在用户主目录下写入自身配置/缓存目录(~/.config/wechat-md-publisher-nodejs/),这与其用途一致。
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wechat-md-publisher-skill
  3. After installation, invoke the skill by name or use /wechat-md-publisher-skill
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.10
- 安全模型重大升级:Skill 执行方式由每次 npx 拉取切换为全局 npm 安装+in-process 动态 import,彻底消除运行时供应链风险。 - 现在必须提前手动全局安装 wechat-md-publisher(npm install -g),Skill 仅调用本机已安装版本、不再联网拉包。 - 安装方式、风险提示、审计建议和推荐用法等文档全面更新,强调账号凭证加密的上游依赖与最佳实践。 - install 字段 riskLevel 降为 low,riskReason 描述同步更新。 - 所有示例命令统一改为 wechat-pub(不再推荐用 npx)。 - 其余行为与功能无变化。
v1.0.9
Version 1.0.9 - No file changes detected in this release. - Skill metadata, usage instructions, and feature descriptions remain the same as version 1.0.7. - No new features, bug fixes, or documentation updates introduced in this version.
v1.0.8
Version 1.0.8 (no file changes detected): - No file or configuration changes since the previous release (1.0.7). - All functionality, requirements, installation methods, and documentation remain unchanged.
v1.0.7
- Bumped wechat-md-publisher version to 1.0.7 for npx install and all usage examples. - Updated documentation and commands to use version 1.0.7 everywhere. - No other user-facing changes.
v1.0.6
版本同步
v1.0.5
- Updated dependency version from wechat-md-publisher 1.0.4 to 1.0.5 in all docs, config, and command-line examples. - Adjusted install instructions, execution paths, and usage examples to reference version 1.0.5. - No functional changes beyond version bump and corresponding documentation updates.
v1.0.4
v1.0.4: 版本对齐 [email protected]
v1.0.3
- Updated to version 1.0.3. - Changed npm package version references to 1.0.3 in install instructions and usage examples. - Environment variable requirements for WECHAT_APP_ID and WECHAT_APP_SECRET are now optional (previously required); added a note about providing credentials via environment variable or CLI. - No code changes; only documentation/config updates.
v1.0.2
升级到 1.0.2,配套 wechat-md-publisher ^1.0.2
v1.0.0
升级到 1.0.0,配套 wechat-md-publisher ^1.0.0
v0.8.38
统一脚本命名为 run.js;添加 postinstall.js 帮助信息脚本;统一所有文件版本号到 0.8.38
v0.8.37
修复安全审计问题(凭证暴露和远程主题风险);更新 README.md 所有命令为 npx 方式执行
v0.8.36
统一 SKILL.md 和 config.json 的 install 规范,解决安全审计不一致问题
v0.8.35
更新 install 规范为 npx 类型,修复安全审计问题
v0.8.34
使用 npx 方式执行,清理冗余文件
v0.8.33
版本升至0.8.33,同步 wechat-md-publisher 0.8.21
v0.8.30
- Bump version to 0.8.30. - Documentation updates in SKILL.md. - Meta and configuration files updated for latest version.
v0.8.29
- Update version to 0.8.29 - Documentation (SKILL.md) updated to reflect latest version, but no new features or major content changes observed - Internal metadata and config version numbers incremented for alignment with release
v0.8.26
fix: ensure metadata consistency for env vars and security notes; chore: bump version to 0.8.26
v0.8.25
chore: bump version to 0.8.25; fix: replace Chinese field names for clawhub
Metadata
Slug wechat-md-publisher-skill
Version 1.0.10
License MIT-0
All-time Installs 2
Active Installs 2
Total Versions 76
Frequently Asked Questions

What is Wechat Md Publisher Skill?

发布 Markdown 文章到微信公众号,支持草稿管理、多主题、智能图片处理、自动封面图。推荐与 news-to-markdown-skill 配合使用实现一键转载(支持本地图片)。 It is an AI Agent Skill for Claude Code / OpenClaw, with 867 downloads so far.

How do I install Wechat Md Publisher Skill?

Run "/install wechat-md-publisher-skill" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Wechat Md Publisher Skill free?

Yes, Wechat Md Publisher Skill is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Wechat Md Publisher Skill support?

Wechat Md Publisher Skill is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Wechat Md Publisher Skill?

It is built and maintained by PING SI (@sipingme); the current version is v1.0.10.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463815 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259802 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200680 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191345 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190333 · by oswalpalash

💬 Comments