← Back to Skills Marketplace
650
Downloads
0
Stars
3
Active Installs
3
Versions
Install in OpenClaw
/install wechat-image-generator
Description
Generate beautiful images for WeChat articles (covers, comparisons, charts) with zero token cost. Use when user needs images for social media posts, article...
Usage Guidance
This skill appears to do what it says: generate static HTML templates and instruct you to take screenshots via a local browser tool. Before installing/using: (1) review and prefer running generate.py (which only writes HTML and prints safe commands) rather than auto_screenshot.py; the latter executes shell commands with shell=True and could be abused if you pass untrusted file paths. (2) The auto-screenshot behavior is partly unimplemented/buggy — screenshots are typically taken by running the printed 'browser open ... && browser screenshot ...' command yourself or using the serve.py + local http.server flow. (3) Run the scripts in a trusted or sandboxed environment if you are unsure about the 'browser' tool implementation. (4) If you plan to integrate this into automation, modify subprocess usage to avoid shell=True and to validate/escape paths to eliminate command-injection risk. Overall the package is coherent with its purpose but exercise standard caution when running helper scripts that invoke shell commands.
Capability Analysis
Type: OpenClaw Skill
Name: wechat-image-generator
Version: 1.0.2
The skill contains a critical shell injection vulnerability in `scripts/auto_screenshot.py` and `scripts/generate.py`. Both scripts construct and execute shell commands using `subprocess.run(..., shell=True)` or by printing commands for the agent to execute, without adequately sanitizing user-controlled input, specifically the `--output` path. This could allow a malicious prompt to inject arbitrary commands (e.g., `--output 'foo.png; rm -rf /'`) leading to remote code execution. While this is a severe vulnerability, there is no clear evidence of intentional malicious behavior such as data exfiltration or backdoor installation, aligning it with a 'suspicious' classification rather than 'malicious'.
Capability Assessment
Purpose & Capability
Name/description match the included files: Python scripts + HTML templates that produce cover/compare/chart HTML and guidance to capture screenshots via the OpenClaw 'browser' tool. Required binary (python3) and requested browser tool are appropriate and proportional. No unrelated environment variables, services, or install steps are present.
Instruction Scope
SKILL.md and README restrict actions to generating HTML files and opening them in a browser for screenshots using the OpenClaw browser tool or a local HTTP server. They do not instruct reading unrelated files or sending data to external endpoints. Two implementation issues to note: (1) generate.py prints the 'browser' commands for the user/agent to run rather than executing them directly (this is expected/safer), and (2) scripts/auto_screenshot.py attempts to invoke the 'browser' commands via subprocess.run(shell=True) but does not actually execute the final combined command (the code prints the combined_cmd and returns True). Additionally, auto_screenshot.py constructs shell commands with user-supplied file paths and executes them with shell=True — this creates a potential local command-injection risk if untrusted paths are passed to that script. This is an implementation vulnerability, not evidence of network exfiltration or unrelated scope creep.
Install Mechanism
No install spec or remote downloads. All code and templates are included in the package; there is no external installation or archive extraction. This is low-risk from an install mechanism perspective.
Credentials
The skill requires no environment variables or credentials. The sole declared runtime dependency (python3) and the implicit dependency on an OpenClaw 'browser' tool are directly relevant to the stated functionality.
Persistence & Privilege
The skill does not request always:true, does not modify other skills, and does not require system-level configuration. It is user-invocable and will not be force-included or persistently privileged.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wechat-image-generator - After installation, invoke the skill by name or use
/wechat-image-generator - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.2
Add GitHub repository and homepage links
v1.0.1
Fix: Add logarithmic scale for better chart visualization when values differ greatly; Add min-height to ensure bars are visible
v1.0.0
Initial release: Generate cover, comparison, and chart images for WeChat articles
Metadata
Frequently Asked Questions
What is Wechat Image Generator?
Generate beautiful images for WeChat articles (covers, comparisons, charts) with zero token cost. Use when user needs images for social media posts, article... It is an AI Agent Skill for Claude Code / OpenClaw, with 650 downloads so far.
How do I install Wechat Image Generator?
Run "/install wechat-image-generator" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Wechat Image Generator free?
Yes, Wechat Image Generator is completely free (open-source). You can download, install and use it at no cost.
Which platforms does Wechat Image Generator support?
Wechat Image Generator is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Wechat Image Generator?
It is built and maintained by jingyu525 (@jingyu525); the current version is v1.0.2.
More Skills