← 返回 Skills 市场
197
总下载
1
收藏
0
当前安装
11
版本数
在 OpenClaw 中安装
/install wechat-daily-article
功能描述
微信公众号每日文章自动创作技能。搜索热点 → 撰写SEO优化文章 → 生成配图 → 上传草稿箱。含爆款标题模板、内容类型模板、搜一搜SEO优化。
安全使用建议
This skill appears to implement what it claims, but there are important red flags you should address before installing or handing over credentials:
- Missing manifest declarations: The skill bundle uses WECHAT_APPID and WECHAT_APPSECRET to get a WeChat access token, and optionally FEISHU_APP_ID/FEISHU_APP_SECRET/FEISHU_USER_OPEN_ID for notifications. The registry metadata lists no required env variables — confirm and require these be declared before use.
- Secret exposure risk: Only provide the minimal-scoped WeChat and Feishu credentials the skill needs. Prefer creating limited-scope service accounts and rotate keys after testing. Do not reuse high-privilege or account-wide secrets.
- Network & download behavior: The script will download arbitrary image URLs (from sites suggested in SKILL.md). Downloaded data is then uploaded to WeChat/Feishu. Consider running the skill in an isolated environment and validate image sources to avoid accidental malware downloads or copyright issues.
- SSL verification disabled: create_draft.py disables SSL certificate verification when downloading images (ssl.CERT_NONE). This weakens transport security and can enable MITM. Insist this be fixed (use default SSL verification) before trusting the skill with secrets.
- Inspect & audit code: Because the skill runs arbitrary network requests and handles secrets, review the included scripts (create_draft.py, feishu_sender.py) line-by-line or run them in a sandbox to ensure they only call the documented endpoints and do not exfiltrate data elsewhere.
If you proceed: supply only the minimal credentials, test in an isolated account/agent, verify SSL behavior, and require the publisher to update the skill manifest to declare required env vars and a homepage/source for accountability.
功能分析
Type: OpenClaw Skill
Name: wechat-daily-article
Version: 1.8.0
The skill bundle automates WeChat article creation but contains a significant security vulnerability in `scripts/create_draft.py`, where SSL certificate verification is explicitly disabled (`ssl.CERT_NONE`) during image downloads. This flaw exposes the agent to man-in-the-middle (MITM) attacks when fetching content from external URLs. While the code aligns with its stated purpose, the handling of sensitive credentials (WECHAT_APPSECRET, FEISHU_APP_SECRET) combined with the automated downloading of remote assets based on AI-generated content presents a high-risk surface for exploitation or prompt injection.
能力标签
能力评估
Purpose & Capability
The skill's stated purpose (generate WeChat articles and upload drafts) aligns with the included scripts (create_draft.py uploads images and creates a WeChat draft). However the skill registry metadata declares no required environment variables or primary credential, yet the included code clearly expects WECHAT_APPID and WECHAT_APPSECRET (and optionally FEISHU_APP_ID/FEISHU_APP_SECRET/FEISHU_USER_OPEN_ID). The omission of these required secrets from manifest is an incoherence and a security/operational risk.
Instruction Scope
SKILL.md stays within the declared workflow (search hotspots, write HTML, find images, save to /tmp, run create_draft.py). It instructs downloading arbitrary image URLs and uploading them. That is consistent with purpose but grants the skill the ability to fetch arbitrary external content and pass it to the platform. The script also uses platform-specific paths (/root/.openclaw/...) which may assume agent filesystem layout.
Install Mechanism
No install spec — instruction-only with bundled scripts. No remote downloads during install. This is low install risk; code ships in the skill bundle and will run on the agent if invoked.
Credentials
The manifest lists no environment variables but the code reads multiple secrets: WECHAT_APPID and WECHAT_APPSECRET (required by create_draft.py) and FEISHU_APP_ID / FEISHU_APP_SECRET / FEISHU_USER_OPEN_ID (used by feishu_sender.py). Requesting these credentials is reasonable for the claimed functionality, but the failure to declare them in requires.env is a significant mismatch and makes it unclear what secrets the skill will access. The multiplicity of credentials (WeChat + Feishu) should be explicitly declared.
Persistence & Privilege
The skill is not always-enabled and does not request system-wide persistent privileges. It writes temporary files under /tmp and reads environment variables. It does not modify other skills or system configs. However it will make outbound network calls to third-party APIs (WeChat, Feishu) and to arbitrary image URLs during normal operation.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wechat-daily-article - 安装完成后,直接呼叫该 Skill 的名称或使用
/wechat-daily-article触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.6.1
排版样式大升级:紫蓝渐变标题、emoji列表图标、卡片式列表、渐变分隔线
v1.8.0
配图改为网络搜图,脚本支持自动下载上传网络图片
v1.7.0
清除硬编码凭证,改用环境变量
v1.6.0
wechat-daily-article v1.6.0
- 优化公众号结尾规范,新增朋友圈转发行动钩子模板,提升内容社交裂变与分享率。
- 结尾标签部分增加转发诱导语要求,避免遗漏,确保版本一致。
- 其余工作流和排版规则保持稳定,未引入业务逻辑变更。
v1.5.0
**Version 1.5.0 – 公众号“搜一搜”SEO规范与结构升级**
- 强化公众号搜一搜SEO优化:新增标题埋词、正文关键词布局、结尾标签与自检表,升级为必做项。
- 拆分内容类型模板至独立文档 `references/content-types.md`,主文档更聚焦总流程与SEO核心点,新增6种内容类型速查表。
- 新增、细化“搜一搜”爆款标题/正文规范、标签格式说明与发布自查项,提高长尾流量获取能力。
- 抖音图文规范扩写,明确图片上传参数及发布流程,修正飞书图片上传易错点。
- 新增发布时间建议,补充每类内容的最佳推送时序。
- 优化目录结构与文档指引,便于查找与维护。
v1.4.0
wechat-daily-article v1.4.0
- 增加了六种详细的文章内容结构类型模板(故事叙事、清单攻略、对比揭秘、沉浸体验、人物访谈、数据盘点),每种适用情境和写作要点分开展示。
- 提示写作前需判断并选择唯一内容类型,避免不同类型混用,提升文章质量和个性。
- 各类型模板包含结构、样例开头或对话范例,帮助快速套用并提升文章多样性。
- 其他内容规范、配图流程、发布脚本等未作变动。
v1.3.0
weChat-daily-article v1.3.0 changelog:
- 升级文章创作规范,新增「选题自检」和「爆款驱动」标题模板,避免低效选题和同质化内容。
- 加强开头写作指导,提供多种模板(反常识、共鸣、数据、好奇缺口)。
- 细化选题内容方向与发布时间策略,并按业务优先级排序。
- 补充内容自查清单、选题诊断及季节节点提醒,严控内容调性和时效性。
- 补充正文规范,要求高信息密度、反常识或独家信息、每300字设悬念反转。
- 优化文档结构,简化使用者导航。
v1.2.1
- 移除了示例中的飞书 app_id、app_secret 和 open_id,替换为占位符(如 <YOUR_APP_ID>、<YOUR_APP_SECRET>、<RECEIVER_OPEN_ID>)。
- 相应地,将代码段和配置示例中的敏感信息更换为可配置的占位符,提升安全性与可移植性。
- 其余工作流和使用说明未作变动。
v1.2.0
Version 1.2.0
- 新增 scripts/feishu_sender.py 脚本,实现飞书发送通知和图片的功能。
- SKILL.md 增加对抖音图文发布和飞书通知细节的支持,补充飞书图片上传参数和抖音内容规范说明。
- 规范补充:详细说明飞书图片上传 image_type 参数,避免常见 400 错误。
- 增强公众号/抖音一体化流程指引,细化正文结构与媒体资源管理。
v1.1.0
排版美化重大升级:1) 新增 beautify_html() 函数,自动重构内容结构;2) h2章节标题改为橙色渐变背景+白色字,与正文强烈区分;3) h3小节标题橙色竖线+浅底色;4) 自动高亮数字+量词和感受词;5) 自动将纯文本列表转换为👉图标列表;6) 正文17px+行高2.0两端对齐;7) 图片圆角+阴影;8) 引用块绿色边框+浅绿背景;9) 更新文章结尾CTA格式
v1.0.0
初始版本:自动化工作流覆盖搜索热点→撰写SEO文章→生成配图→保存草稿箱
元数据
常见问题
Wechat Daily Article 是什么?
微信公众号每日文章自动创作技能。搜索热点 → 撰写SEO优化文章 → 生成配图 → 上传草稿箱。含爆款标题模板、内容类型模板、搜一搜SEO优化。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 197 次。
如何安装 Wechat Daily Article?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-daily-article」即可一键安装,无需额外配置。
Wechat Daily Article 是免费的吗?
是的,Wechat Daily Article 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Wechat Daily Article 支持哪些平台?
Wechat Daily Article 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Wechat Daily Article?
由 jimo970(@jimo970)开发并维护,当前版本 v1.8.0。
推荐 Skills