微信公众号内容全流程助手:热点抓取 → 选题 → 框架 → 写作 → SEO/去AI痕迹 → 视觉AI → 排版推送草稿箱。 触发关键词:公众号、推文、微信文章、微信推文、草稿箱、微信排版、选题、热搜、 热点抓取、封面图、配图、写公众号、写一篇、主题画廊、排版主题、容器语法。 也覆盖:markdown 转微信格式...
Security Analysis
medium confidenceThe skill's description (WeChat article assistant) matches its code, but the runtime instructions and code request access to credentials and files that are not declared — and they perform operations (reading home config, running git pull, calling external APIs, requiring LLM keys) that are disproportionate or under-specified.
The skill claims to be a WeChat public-account content pipeline, which reasonably needs WeChat API credentials and an image-generation API key and may call web search/LLM. However the package declares no required environment variables or primary credential, yet scripts/instructions clearly expect: wechat appid/secret (fetch_stats.py), an image API key (SKILL.md checks image.api_key), and LLM/LLM-provider keys (build_playbook.py mentions ANTHROPIC_API_KEY / ARK). Also some toolkit scripts probe multiple config locations (including Path.home()), which goes beyond the stated baseDir. These mismatches (needed secrets not declared; cross-dir config probing) are incoherent with the declared metadata.
SKILL.md instructs the Agent to run many local Python scripts, read and write files under the skill directory, and to call external services (WeChat datacube APIs, web_search, image generation). The scripts also look for config files in the user's home (~/.config/wewrite/config.yaml) and CWD, so the agent may read user config outside the skill folder. The pipeline also runs 'git pull origin main' to update itself. These runtime steps are within the skill's purpose but extend scope to: (1) reading config files in user home, (2) network requests to APIs, and (3) pulling remote code — all of which are not reflected in the skill's declared requirements and should be explicitly called out to the user.
There is no install spec (instruction-only), which reduces upfront supply-chain risk. However the repository contains many Python scripts and a requirements.txt; SKILL.md suggests running 'pip install -r requirements.txt' when dependencies are missing. That means code will be executed locally with dependencies installed ad-hoc by the user/agent. No archived/remote installers were included, which is lower installer risk, but executing 'git pull origin main' later can replace local code with remote code and is a runtime supply-chain vector.
The skill requests no environment variables in metadata, but code and instructions clearly require credentials: WeChat appid/secret (fetch_stats.py), an image API key (image generation module and SKILL.md), and optionally LLM API keys (build_playbook.py mentions ANTHROPIC_API_KEY / ARK API key). The skill also searches multiple config paths (including the user's home directory) for config.yaml, which may cause it to read unrelated credentials on the host. The missing declaration of these required secrets and the wide config path probing are disproportionate and increase risk.
always: false (good). The skill can be invoked autonomously (disable-model-invocation: false), which is normal. It also includes an update step that runs 'git pull origin main' in the skill directory; while updating itself is understandable for a tool, it gives the skill the ability to change its code at runtime when the agent executes that step. Combined with the other concerns (undeclared credentials, home-config probing), this increases the operational blast radius and warrants caution.
Guidance
In plain terms — the skill appears to do what it says (write and publish WeChat articles), but its code and runtime steps expect credentials and access that were not declared in the skill metadata, and it will look for config files beyond the skill folder and can pull code from the network. Before installing or running this skill: - Expect to provide WeChat credentials (appid + secret) if you want publishing/stats to work, and an image API key if you want image generation. The skill does not list these as required env vars, so supply them consciously and avoid putting other secrets in the same config file. - Review toolkit/wechat_api.py, scripts/fetch_stats.py, and toolkit/image_gen.py to confirm what is sent to external endpoints and whether any identifiers are logged or transmitted. - Be cautious about the 'git pull origin main' update step: running it will fetch and run remote code. Only run updates from a trusted repository or inspect the fetched changes before executing. - The scripts search multiple config locations (including ~/.config/wewrite/config.yaml). If you have unrelated configs in your home directory, move or inspect them; sensitive credentials there could be read. - Dependencies are installed ad-hoc via pip if needed; run pip install in a virtualenv or sandbox and inspect requirements.txt first. - If you want minimal risk, run the skill in an isolated environment (container or VM), give it only the credentials it needs for the features you intend to use, and avoid granting it broad access to your home directory or long-lived LLM keys unless necessary. If you want, I can list the specific files and lines that reference external endpoints, home paths, or LLM keys so you (or an admin) can audit them before use.
Latest Release
v1.1.3
**WeWrite 1.1.3 — Major update: 进度追踪、范文库和参数优化全面增强** - 全新进度追踪:主管道 8 步全过程自动生成任务,支持 step 级 in_progress/completed 状态、随时可见当前进度。 - 范文风格注入:支持 references/exemplars/index.yaml 范文库,写作自动模仿真实段落节奏和结构。范文库为空时用 seeds 兜底,导入命令和建库规则已明确。 - 配套脚本新增:scripts/diagnose.py(配置/反AI检测诊断)、scripts/extract_exemplar.py(文章自动提取范文段落),支持自然语言触发。 - 写作参数自动优化:支持参数文件写优化闭环流程,替换原 optimize_loop.py 脚本,支持人感分多轮自适应调整和最优快照推荐。 - 版本检查与升级提醒:自动
Popular Skills
Published by @oaker-io on ClawHub
