Wechat Tutorial Editor Publisher

模仿作者写作风格，完成教程类微信公众号文章编写，输出 Markdown 文件，一键发布到微信公众号草稿箱。

This skill appears to be what it says (a frontend + helper scripts that wrap wenyan-cli to publish WeChat articles), but there are inconsistencies and insecure suggestions you should address before running it: - Do not follow the SKILL.md advice to 'md5 encrypt' and store AppId/AppSecret inside the skill directory. MD5 is not encryption; storing secrets in the skill folder risks accidental leakage. Prefer exporting WECHAT_APP_ID and WECHAT_APP_SECRET as environment variables or keeping them in a secure credential store. - The metadata did not declare required env vars, but publish.sh and setup.sh expect WECHAT_APP_ID/WECHAT_APP_SECRET in $HOME/.openclaw/workspace/TOOLS.md or as env vars. Verify and set credentials manually (or use the setup.sh which reads TOOLS.md) before running publish.sh. - Inspect publish.sh and setup.sh yourself (you just have them) before executing. publish.sh may auto-install wenyan-cli globally (npm install -g), which changes your system environment. If you want to avoid global installs, install wenyan-cli manually or run in an isolated environment (container / VM / dedicated machine user). - The included server (server.js) listens on localhost:3000 and saves uploaded personal info and images into the skill's assets/files directories. That is local-only in the code, but if you expose the port or run on a networked host be aware uploads are stored on disk. Run it locally and restrict network exposure. - Confirm the wenyan-cli project referenced (https://github.com/caol64/wenyan-cli) is the intended upstream before installing. The publish action will contact WeChat APIs — verify the IP whitelist and credentials are correct. - Because SKILL.md and the scripts disagree about where credentials are stored (TOOLS.md vs console.json), pick one safe approach and remove unused credential-storage instructions from the skill files to avoid confusion. If you are not comfortable with these inconsistencies or storing credentials, consider running the skill in an isolated environment or decline installation until the author fixes the metadata/instructions and removes the insecure credential-storage guidance.

Type: OpenClaw Skill Name: wechat-tutorial-editor-publisher Version: 1.0.0 The skill bundle exhibits several high-risk behaviors and security flaws, though clear malicious intent is not established. Most notably, SKILL.md instructs the AI agent to 'encrypt' sensitive WeChat AppID and AppSecret credentials using MD5 and 'decrypt' them later; since MD5 is a one-way hash and cannot be decrypted, this instruction leads to fundamentally broken credential management. Additionally, the bundle starts a local Express server (server.js) without authentication to collect user information and images, and the publish.sh script performs global NPM installations and reads from the sensitive TOOLS.md file to extract secrets. These patterns represent significant vulnerabilities and risky capabilities typical of over-privileged automation tools.