wechat-toolkit

Warn

Audited by Gen Agent Trust Hub on May 3, 2026

Risk Level: MEDIUM (COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE, PROMPT_INJECTION)
Full Analysis
  • [COMMAND_EXECUTION]: The scripts publish.js and publish_with_video.js use execFileSync to programmatically invoke npm and the wenyan CLI tool. The publish.js script specifically attempts to run npm install -g if the tool is missing, which involves global system changes.
  • [CREDENTIALS_UNSAFE]: The publishing scripts attempt to retrieve WECHAT_APP_ID and WECHAT_APP_SECRET from TOOLS.md files located in specific user home directory paths (e.g., ~/.openclaw/workspace-xina-gongzhonghao/TOOLS.md). This involves accessing sensitive configuration data outside the skill's own environment.
  • [EXTERNAL_DOWNLOADS]: The download.js and search_wechat.js scripts fetch and download HTML, images, and video media from mp.weixin.qq.com and weixin.sogou.com to the local filesystem. download.js uses Puppeteer with security flags disabled (--disable-web-security), which increases risk when rendering untrusted pages.
  • [PROMPT_INJECTION]: The skill's primary 'washing' feature involves ingesting untrusted articles from the internet. This creates a significant surface for indirect prompt injection, where malicious instructions embedded in an article could manipulate the agent during the rewriting process.
  • [DATA_EXFILTRATION]: While intended for functionality, the skill reads local article files and media to upload them to the WeChat Official Account API (api.weixin.qq.com), representing a trust-dependent data transfer path.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 3, 2026, 01:31 PM