← 返回 Skills 市场
94
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wechat-article-auto-gen
功能描述
自动抓取和改写公众号文章,生成分镜、AI 配图和封面,输出符合 MUX 品牌风格的完整 HTML 图文内容。
安全使用建议
This skill largely does what its description promises, but there are several red flags you should consider before installing or using it:
- Hard-coded API key: SKILL.md contains a literal API key and API URL for a third‑party image service. Treat this as suspicious — it may be a placeholder, a leaked key, or an invitation to use someone else's quota. Do not rely on embedded keys; require the author to remove it and document how to supply your own credential via environment variables or config.
- Missing code provenance: The documentation mentions multiple code files (scraper.py, rewriter.py, etc.) but the package contains only SKILL.md and _meta.json. Ask the publisher for the full source or provenance before trusting runtime behavior.
- Network and data exfiltration risk: At runtime the skill will fetch arbitrary web articles and send content to external services (image generation API, potentially LLM endpoints). That can leak copyrighted or sensitive contents. Verify legal compliance for scraping target sites and ensure you control which external endpoints are used.
- Replace hard-coded secrets and review endpoints: If you plan to run this, replace any embedded keys with your own credentials, whitelist allowed external hosts, and run the skill in a network-restricted/sandboxed environment until you can confirm behavior.
- Ask for clarifications: Request the missing code files, a clear list of all external endpoints the skill calls, and explicit instructions on how to supply credentials. If the author cannot provide these, treat the skill as untrusted.
If you must test it: run in an isolated environment, monitor outbound network traffic, and do not use sensitive or production credentials until you've verified the code and provenance.
功能分析
Type: OpenClaw Skill
Name: wechat-article-auto-gen
Version: 1.0.0
The skill bundle contains a hardcoded API key for the Volcano Engine (Volcengine) image generation service (565ec265-1b1e-4fa4-bcd8-c3d37c6a6198) within the `SKILL.md` file. While the code logic for scraping, rewriting, and image generation aligns with the stated purpose of automating WeChat articles for a fitness brand, the inclusion of static credentials and the lack of input validation in the `scrape_article` function (potential SSRF) represent significant security vulnerabilities rather than intentional malice.
能力评估
Purpose & Capability
The described purpose (scraping WeChat articles, rewriting to MUX brand, generating AI images, building HTML) aligns with the actions shown in SKILL.md. However, the SKILL.md references additional code files (config.py, scraper.py, rewriter.py, etc.) that are not present in the package manifest, which is inconsistent and reduces provenance. Also the document embeds a literal API key/URL for a third-party image service instead of declaring credentials or requiring the user to provide them.
Instruction Scope
Instructions explicitly tell the agent to scrape external article URLs, send content to an LLM-based rewrite step, call a third-party image-generation API, write image files, open/save fonts and images, and embed images as Base64 in HTML. Scraping arbitrary URLs and sending article content to external services can expose potentially sensitive or copyrighted content. The SKILL.md contains concrete network endpoints and a hardcoded API key, meaning runtime will involve external network calls beyond the local agent.
Install Mechanism
There is no install spec and no code files bundled (instruction-only). That lowers direct install risk because nothing is written or executed by an installer. The risk comes from runtime network calls and file I/O described in SKILL.md rather than from an install mechanism.
Credentials
The skill declares no required environment variables or credentials, yet the document includes a hard-coded API key ('565ec265-1b1e-4fa4-bcd8-c3d37c6a6198') and an explicit API URL for image generation. This is inconsistent: either the key is a placeholder or it's a leaked/embedded credential. No guidance is given for replacing this with the user's own credential, and no other credentials (e.g., for scraping protected content or for LLM APIs) are declared.
Persistence & Privilege
The skill is not marked always:true and does not request elevated or persistent platform privileges. It does instruct writing image and HTML files to disk, which is a normal behavior for content-generation tools and is scoped to the skill's outputs.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wechat-article-auto-gen - 安装完成后,直接呼叫该 Skill 的名称或使用
/wechat-article-auto-gen触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
wechat-article-auto-gen 1.0.0 初始版本发布
- 提供微信公众号文章批量采集、AI 改写和自动 HTML 生成的完整流水线
- 支持文章抓取解析、MUX 化内容重写、分镜拆分及 AI 配图和封面自动生成
- 配备标准化文章结构、提示词模板及品牌化内容指导
- 输出符合公众号要求的 HTML 版成品文章,图片支持 Base64 内嵌
- 完善的模块化代码和清晰文件结构,便于扩展与二次开发
元数据
常见问题
Wechat Article Auto Gen 是什么?
自动抓取和改写公众号文章,生成分镜、AI 配图和封面,输出符合 MUX 品牌风格的完整 HTML 图文内容。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 94 次。
如何安装 Wechat Article Auto Gen?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-article-auto-gen」即可一键安装,无需额外配置。
Wechat Article Auto Gen 是免费的吗?
是的,Wechat Article Auto Gen 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Wechat Article Auto Gen 支持哪些平台?
Wechat Article Auto Gen 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Wechat Article Auto Gen?
由 Dally-bee(@dally-bee)开发并维护,当前版本 v1.0.0。
推荐 Skills