wx-md-article
Author: Sundy Yang · v1.0.0 · MIT-0
298 total downloads · 1 favorite · 0 current installs · 1 version
Install in OpenClaw
/install wx-md-article
Description
Automatically generate WeChat public account articles from Markdown and upload them to the draft folder with clean, professional formatting and color rules.
Security usage recommendations
This skill does what it says (converts Markdown and uploads to WeChat) but the package includes a config.json with an appid and appsecret embedded. Do NOT use those credentials. Before installing or running: (1) Replace the appid/appsecret in config.json with your own WeChat credentials (or modify the scripts to read credentials from a secure location or env vars); (2) Rotate the embedded credentials if you control the referenced account, and avoid uploading sensitive content while using third-party credentials; (3) Be aware the script prints part of the access_token to stdout — avoid running it where logs are public; (4) Inspect and run the scripts in an isolated environment first; (5) If you don't own the embedded appid, do not rely on or trust that account (it could be abused to collect drafts under that third-party account). If the author intended the config values to be placeholders, they should be clearly marked as such; absence of that clarification is the main reason this package is suspicious.
Functional analysis
Type: OpenClaw Skill
Name: wx-md-article
Version: 1.0.0
The skill bundle contains hardcoded WeChat API credentials (appid and appsecret) in config.json, which is a significant security risk. Additionally, wechat-article.sh is highly vulnerable to Remote Code Execution (RCE) because it uses double-quoted strings within sed commands (e.g., sed "s/{{TITLE}}/$title/g") to process user-supplied arguments, allowing for shell command substitution. While these represent critical security flaws, they appear to be unintentional vulnerabilities rather than intentional malicious logic.
Capability assessment
Purpose & Capability
Name/description match the code: scripts convert Markdown to HTML and call WeChat APIs to upload drafts. However, instead of declaring required credentials or prompting the user to supply them, the package includes a config.json with an appid and appsecret embedded — that is unusual and should be justified (example config is expected, but these look like real values).
Instruction Scope
SKILL.md and the scripts confine themselves to converting the provided input file, building HTML, and calling api.weixin.qq.com endpoints. They do not read unrelated system files or call external endpoints beyond the WeChat API. One scope note: the script echoes part of the access_token to stdout which can leak secrets into logs.
Install Mechanism
There is no remote-install step or downloads. This is an instruction+script package; nothing is fetched from arbitrary URLs at install time. Risk surface is limited to the included shell scripts being run locally.
Credentials
The skill declares no required environment variables or primary credential, yet config.json contains an appid and appsecret (and a default thumb_media_id). Bundling active credentials in the package is disproportionate and dangerous: the script will use those credentials to act on behalf of that WeChat account rather than the user's account. The skill should instead prompt for or document replacing these with the user's own credentials.
Persistence & Privilege
The skill does not request persistent or system-wide privileges (always:false). It writes temporary files under /tmp while running and cleans them up; it does not modify other skills or system configs.
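How to use
- Make sure OpenClaw is installed (locally or via Docker).
- Enter the install command in the chat box: /install wx-md-article
- Once installation completes, call the Skill by name or trigger it with /wx-md-article
- Provide the required inputs according to the Skill's parameter description to get structured output.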
Version history
v1.0.0
WeChat Article Generator Skill v1.1.0 — Now even more streamlined and professional.
- Updated design for a clean, professional style: unified colors, removed emojis, simplified formatting.
- Standardized markdown-to-WeChat article rendering rules, with clear typography and color guidelines.
- Improved configuration options for color and styling via config.json.
- Updated usage instructions and examples for clarity.
- Documented file structure and dependencies for easier setup.
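FAQ
What is wx-md-article?
Automatically generate WeChat public account articles from Markdown and upload them to the draft folder with clean, professional formatting and color rules. It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 298 cumulative downloads so far.
How do I install wx-md-article?
Run the command "/install wx-md-article" in the OpenClaw or Claude Code chat box for a one-click install; no additional configuration is needed.
Is wx-md-article free?
Yes, wx-md-article is completely free. It is released under the MIT-0 license and can be freely downloaded, installed and used.
Which platforms does wx-md-article support?
wx-md-article is cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed.
Who developed wx-md-article?
It is developed and maintained by Sundy Yang (@yangchao228); the current version is v1.0.0.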