← 返回 Skills 市场

"微信公众号草稿上传"

Name: "微信公众号草稿上传"
Author: cnspica

作者 Sean zheng · GitHub ↗ · v1.0.0 · MIT-0

cross-platform ⚠ suspicious

195

总下载

当前安装

版本数

在 OpenClaw 中安装

/install wechat-mp-draft-cnspica

功能描述

将本地 Markdown 文章上传到微信公众号草稿箱。当用户提到"上传文章到公众号"、"发布到微信公众号"、"推送到公众号草稿"等场景时应使用本技能。本技能通过调用微信公众平台 API，自动完成 Markdown 转 HTML、封面图生成/上传、创建草稿等全流程操作。

安全使用建议

This skill appears to implement the advertised WeChat draft upload flow, but exercise caution before installing/ running it. Key points: - Do not run scripts/run_upload.py as-is. It hard-codes an AppID and AppSecret plus an absolute path; running it would use those embedded credentials. Treat those as accidental secrets. If those credentials are real, they should be revoked/rotated. - Prefer running scripts/upload_draft.py manually and provide your AppID/AppSecret and file paths on the command line as documented in SKILL.md. - Inspect and remove any hard-coded credentials from the repository. Search the repo for other secrets before use. - The scripts contact only expected endpoints: the official WeChat API hosts (api.weixin.qq.com) and a placeholder image host (placehold.co). If you require fully offline operation, provide a local cover image and do not allow network access. - Run in an isolated environment (or sandbox) the first time to confirm behavior and outputs, and review the saved draft_*.html files to verify no unexpected content is included. If you can provide confirmation that the embedded AppID/AppSecret are dummy/test values, confidence would increase; if they are valid, treat this as a credential leak and rotate them immediately.

功能分析

Type: OpenClaw Skill Name: wechat-mp-draft-cnspica Version: 1.0.0 The skill bundle is classified as suspicious primarily due to the inclusion of `scripts/run_upload.py`, which contains hardcoded WeChat credentials (AppID and AppSecret) and specific local file paths, representing a significant security vulnerability and credential leak. This script also utilizes `exec()` to execute local code. While the core logic in `scripts/upload_draft.py` and `scripts/get_draft.py` appears to be a legitimate implementation for managing WeChat Official Account drafts via official APIs (api.weixin.qq.com), the inclusion of sensitive developer artifacts and insecure execution patterns makes the bundle risky for general use.

能力评估

ℹ Purpose & Capability

The code (markdown → HTML, cover generation, upload to WeChat material API, create draft) matches the skill description. However, the repository contains a test runner (scripts/run_upload.py) that hard-codes AppID, AppSecret and an absolute path to a Markdown file — these embedded credentials are not required by the SKILL.md usage examples and are unexpected.

ℹ Instruction Scope

SKILL.md instructs only running scripts/upload_draft.py with CLI-supplied AppID/AppSecret and local file paths (appropriate). The included scripts read local Markdown and cover image files (expected). The presence of scripts/run_upload.py that overrides sys.argv and execs upload_draft.py means a user or automated tooling could accidentally run an upload using embedded credentials — this expands the effective scope if someone runs that file.

✓ Install Mechanism

No install spec is provided (instruction-only style). The skill's code uses only standard Python libraries and optionally Pillow; there is no downloaded archive or third-party installer in the manifest.

⚠ Credentials

The skill does not request environment variables, and the runtime behavior expects AppID/AppSecret provided as CLI args (proportional). However, scripts/run_upload.py contains hard-coded credentials (AppID and AppSecret) and an absolute local path — embedding credentials in shipped code is a secret-leak risk and disproportionate to the stated purpose.

✓ Persistence & Privilege

The skill does not request persistent/automatic inclusion (always:false) and does not modify other skills or system configuration. It only writes local files (HTML drafts) as part of normal operation.

如何使用

确保已安装 OpenClaw（本地或 Docker 部署）
在对话框中输入安装命令：/install wechat-mp-draft-cnspica
安装完成后，直接呼叫该 Skill 的名称或使用 /wechat-mp-draft-cnspica 触发
根据 Skill 的参数说明提供必要输入，即可获得结构化输出

版本历史

v1.0.0

- Initial release of wechat-mp-draft skill. - Allows users to upload local Markdown articles to WeChat Official Account draft box, converting Markdown to HTML, uploading/auto-generating a cover image, and creating drafts via WeChat API. - Provides detailed instructions and troubleshooting for setup, usage, parameters, and common errors. - Includes support for optional author and digest fields, automatic cover generation, and Python/Pillow environment checks. - Guides users through adding IP to WeChat whitelist if needed.

元数据

Slug wechat-mp-draft-cnspica

版本 1.0.0

许可证 MIT-0

累计安装 0

当前安装数 0

历史版本数 1

常见问题

"微信公众号草稿上传" 是什么？

将本地 Markdown 文章上传到微信公众号草稿箱。当用户提到"上传文章到公众号"、"发布到微信公众号"、"推送到公众号草稿"等场景时应使用本技能。本技能通过调用微信公众平台 API，自动完成 Markdown 转 HTML、封面图生成/上传、创建草稿等全流程操作。它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件，目前累计下载 195 次。

如何安装 "微信公众号草稿上传"？

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-mp-draft-cnspica」即可一键安装，无需额外配置。

"微信公众号草稿上传" 是免费的吗？

是的，"微信公众号草稿上传" 完全免费，采用 MIT-0 许可证，可自由下载、安装和使用。

"微信公众号草稿上传" 支持哪些平台？

"微信公众号草稿上传" 跨平台运行，可在任意部署了 OpenClaw / Claude Code 的环境中使用（cross-platform）。

谁开发了 "微信公众号草稿上传"？

由 Sean zheng（@cnspica）开发并维护，当前版本 v1.0.0。