微信公众号文章创作

微信公众号内容工作室 — 支持多来源权威搜索、多站点文章抓取、AI 改写、封面生成、智能排版发布的一站式工具

What to consider before installing: - Metadata mismatch: The registry lists no required credentials, but the SKILL.md and code require sensitive keys (OPENAI_API_KEY, WECHAT_APP_ID/SECRET, DASHSCOPE_API_KEY, proxy settings). Treat that as an inconsistency — confirm with the author before providing secrets. - .env loading: The skill auto-loads .env files from the skill root and from your home (~/.openclaw/.env and ~/.workbuddy/.env). That means any secrets in those files will be read into the process. If you keep unrelated credentials in those files, run the skill in a controlled environment or set OPENCLAW_ENV_FILE to point to a dedicated .env. - Review and isolate: Inspect the included scripts (they are present in the package). Because the skill can execute shell commands (execSync), run browser automation, and perform network I/O, you should: run it in an isolated VM/container, or a throwaway account; audit calls that perform exec or external requests (especially publish_browser and smart-optimize); and avoid global npm installs — prefer local install. - Limit privileges: Do not expose production WeChat or other high-value credentials until you've validated behavior. Use test accounts or API keys with limited permissions. - Pay attention to third-party installs: The SKILL.md instructs npm/pip installs (including a global npm package). Prefer to pin and inspect those packages or install them in a virtualenv/local node_modules rather than globally. - Prompt-injection signal: The pre-scan flagged a possible system-prompt-override pattern in SKILL.md. Review SKILL.md for any content that attempts to influence agent/system prompts or to instruct the agent beyond the declared commands. If you want, I can (a) scan the specific files that import execSync and any code paths that perform network POSTs or remote uploads, (b) list exact env keys the skill will read, or (c) suggest a minimal safe run plan (container commands and environment overrides) to test it without exposing your real credentials.

Type: OpenClaw Skill Name: wechat-content-studio Version: 1.0.0 The bundle provides a comprehensive content creation and publishing studio but exhibits high-risk behaviors, specifically reading sensitive environment files from the user's home directory (~/.openclaw/.env and ~/.workbuddy/.env) in scripts/lib/openclaw_env.js. It also makes extensive use of shell command execution (execSync and spawnSync) in scripts/main.js and scripts/publisher/publish_browser.js to interact with external CLI tools and Python scripts. While these capabilities are aligned with the stated purpose of scraping and publishing, the broad file access and use of shell execution without visible input sanitization create a significant risk for credential theft or command injection.