← 返回 Skills 市场
微信文章读取
作者
lcwatergm-afk
· GitHub ↗
· v1.0.0
· MIT-0
92
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install weixin-article-read
功能描述
读取微信公众平台文章内容(mp.weixin.qq.com)。当用户发送微信文章链接、需要读取微信文章内容、提取公众号文章时自动激活。支持突破微信反爬限制,获取完整文章文本。
安全使用建议
This skill appears to do what it claims (fetch and parse WeChat article pages), but review these before installing:
- Functional gaps: The script uses curl and beautifulsoup4 but the skill metadata does not declare curl as a required binary and the README suggests installing beautifulsoup4; ensure curl is available and pip-install the dependency before use.
- Shell-injection risk: The script builds a curl command string including the user-provided URL and calls subprocess.run(..., shell=True). If a maliciously crafted URL is passed, it could execute arbitrary shell commands. Prefer a version that uses the requests library or subprocess.run([...], shell=False) with proper URL validation.
- Legal/ethical: The skill explicitly aims to 'bypass anti-scraping' protections; check terms of service and legal constraints for scraping mp.weixin.qq.com and respect rate limits.
- Hardening suggestions: Ask the author to (1) declare curl in required binaries, (2) replace shell-based curl calls with requests or a safe subprocess invocation, (3) validate/sanitize input URLs, and (4) optionally add timeout/error handling and user-agent comments in metadata.
If you cannot vet the author or run the skill in a sandboxed environment, treat the shell-injection risk as a blocker for use with untrusted inputs.
功能分析
Type: OpenClaw Skill
Name: weixin-article-read
Version: 1.0.0
The skill contains a critical shell injection vulnerability in `scripts/read_weixin_article.py`. The script uses `subprocess.run(shell=True)` to execute a `curl` command where the user-provided URL is directly interpolated into the command string without sanitization. While the script's logic is consistent with its stated purpose of fetching WeChat articles, this flaw allows for arbitrary command execution if a crafted URL is provided.
能力评估
Purpose & Capability
The name/description, SKILL.md, and the included script all align: they fetch WeChat public-article pages and parse the content. However, the metadata declares no required binaries even though the script uses curl and requires beautifulsoup4; the omission is an inconsistency that should be corrected.
Instruction Scope
Runtime instructions tell the agent to run the included Python script with a user-supplied URL. The script constructs a shell command that embeds the URL and runs curl via subprocess.run(..., shell=True) without sanitizing the URL, which creates a shell-injection risk if an attacker can supply a malicious URL. Otherwise the instructions stay within the stated purpose (network fetch and HTML parsing).
Install Mechanism
This is an instruction-only skill with a small shipped script and no install spec. Nothing is downloaded at install time. The lack of an install step minimizes install-time risk.
Credentials
The skill requests no environment variables or credentials, which is appropriate for a simple web-scraping/parsing tool.
Persistence & Privilege
The skill is not force-installed (always:false) and uses normal autonomous invocation defaults. It doesn't request elevated persistence or modify other skills.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install weixin-article-read - 安装完成后,直接呼叫该 Skill 的名称或使用
/weixin-article-read触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
首发版本:突破微信反爬限制读取公众号文章
元数据
常见问题
微信文章读取 是什么?
读取微信公众平台文章内容(mp.weixin.qq.com)。当用户发送微信文章链接、需要读取微信文章内容、提取公众号文章时自动激活。支持突破微信反爬限制,获取完整文章文本。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 92 次。
如何安装 微信文章读取?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install weixin-article-read」即可一键安装,无需额外配置。
微信文章读取 是免费的吗?
是的,微信文章读取 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
微信文章读取 支持哪些平台?
微信文章读取 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 微信文章读取?
由 lcwatergm-afk(@lcwatergm-afk)开发并维护,当前版本 v1.0.0。
推荐 Skills