WeChat Article Writer

End-to-end 微信公众号 article writing and publishing — from topic ideation to published article, with quality gates.

What to check before installing or running this skill: - Metadata mismatch: The skill bundle and docs expect WeChat API credentials and image-provider API keys (ZAI/OPENROUTER/GLM) and a secrets.json path, but the registry metadata declares no required env vars or config paths. Treat that as a red flag and ask the maintainer why the metadata is incomplete. - Inspect the installer: Open scripts/setup.sh and scripts/publish_via_api.py before running. The setup script will install runtimes (bun), dependencies and register a systemd service (wechat-preview.service on port 8898). Installing services usually needs sudo and leaves a persistent network-facing component — only run if you trust the code or run it inside an isolated VM/container. - Secrets handling: The skill writes/reads ~/.wechat-article-writer/secrets.json and pipeline-state.json which can contain the WeChat token/appid/appsecret. Prefer using a low‑privilege WeChat account or test account; do not supply production credentials until you’ve audited the code. - Network calls and third parties: The skill will call external endpoints — WeChat APIs and third‑party image providers (Z.AI/OpenRouter). Confirm which hosts and endpoints publish_via_api.py and generate scripts call, and be aware of cost implications for image generation (doc lists providers and per-image cost). - Prefer non‑privileged testing: If you want to try only formatting/preview functionality, avoid giving browser/CDP access or publishing credentials; run the renderer locally to produce formatted.html and serve it manually instead of running setup.sh. - If you must run it: run setup in an isolated environment (container or disposable VM), review logs and network traffic, and verify the systemd unit content before enabling it. Ask the publisher to update the registry metadata to declare required env vars and config paths so permissions are explicit. If you want, I can: (a) point out the exact lines in setup.sh and publish_via_api.py that create services or send credentials, (b) produce a minimal checklist of what to audit in those scripts, or (c) suggest a safer containerized install procedure.

Type: OpenClaw Skill Name: wechat-article-forge Version: 2.4.1 The skill exhibits numerous high-risk capabilities, including extensive file system access (reading credentials from `~/.wechat-article-writer/secrets.json`), broad network access to external APIs (WeChat, Z.AI/OpenRouter) and arbitrary URLs (via `web_search`, `web_fetch`, `curl`), and browser automation with HTML/JS injection. The `writing_prompt_injection` field in `references/default-voice-profile.json` and `references/voice-profile-schema.json`, along with the direct insertion of `VOICE PROFILE` into `references/writer-prompt.md`, creates explicit prompt injection vectors. While these capabilities are plausibly necessary for the stated purpose of an article publishing pipeline, their power and the presence of direct prompt injection opportunities make the skill highly susceptible to abuse if untrusted input is processed or if a malicious `voice-profile.json` is loaded. There is no clear evidence of intentional malicious behavior, but the potential for exploitation is significant.