wechat-mp-publisher

远程微信公众号发布技能 (合规优化版)。通过 HTTP MCP 解决家用宽带 IP 变动问题，支持安全凭证隔离与依赖检查。

What to check before installing or using this skill: - Trust the remote MCP server: publish-remote.sh sends your WECHAT_APP_ID and WECHAT_APP_SECRET to the configured MCP server. Only use this if you control or fully trust the target MCP instance and its operator. - Validate where credentials come from: the skill expects wechat.env in the skill folder but also includes scripts (scripts/setup.sh) that will read $HOME/.openclaw/workspace/TOOLS.md and export credentials. If you keep other secrets in TOOLS.md, those could be read — avoid sourcing setup.sh or remove secrets from TOOLS.md. - Verify declarations vs reality: the registry metadata claims no required env vars, but the code needs WECHAT_APP_ID/SECRET. Treat that mismatch as a warning—inspect and supply credentials deliberately (prefer a local wechat.env in the skill directory). - Inspect and verify the mcporter npm package: the install uses an npm package named mcporter that will create a binary; confirm its source (package author, homepage, pinned version) before installation to avoid supply-chain risks. - Use least privilege and isolation: run the skill in an isolated environment (container or throwaway VM) if you want to test it before trusting it with real credentials or your main workstation. - If you need a safer alternative: prefer using a MCP instance you control (self-hosted), or use local publishing (wenyan-cli) if you don't want to transmit secrets off your machine. If you want, I can: (a) highlight exact lines in the scripts that read global files or transmit credentials, (b) suggest safer modifications (e.g., remove setup.sh reading TOOLS.md, require explicit wechat.env only), or (c) draft a checklist for running this in a container.

Type: OpenClaw Skill Name: wechat-mp-publisher1 Version: 1.0.0 The skill bundle is designed to forward sensitive WeChat API credentials (APP_ID and APP_SECRET) to a remote MCP server. While documented as a feature to bypass IP whitelisting issues, the script `scripts/setup.sh` specifically extracts these secrets from the sensitive `TOOLS.md` file, and `scripts/publish-remote.sh` transmits them to an external HTTP endpoint. This architecture poses a high risk of credential exfiltration, especially as `SKILL.md` contains contradictory claims about avoiding the use of `TOOLS.md` for credential isolation.