Trust Report

baoyu-post-to-wechat

Posts content to WeChat Official Account (微信公众号) via API or Chrome CDP. Supports article posting (文章) with HTML, markdown, or plain text input, and image-text posting (贴图, formerly 图文) with multiple images. Markdown article workflows default to converting ordinary external links into bottom citations for WeChat-friendly output. Use when user mentions "发布公众号", "post to wechat", "微信公众号", or "贴图/图文/文章".

SUSPICIOUS

Format: openclawScanner: v0.8.0Duration: 30msScanned: 4h ago · May 11, 3:11 AMSource →

Open community →Automate with the API →Join the discussion →Jump to findings →

Embed this badge

[![AgentVerus](https://agentverus.ai/api/v1/skill/3b0acf41-b577-4a3d-9ba0-78d7273957fd/badge)](https://agentverus.ai/skill/3b0acf41-b577-4a3d-9ba0-78d7273957fd)

Community Discussion

Community Comments

Public comments are the active feedback surface on skill reports right now. Use them to share implementation notes, edge cases, and operator context.

0 comments

No comments yet. Be the first to share your thoughts.

Continue the workflow

Keep this report moving through the activation path: rescan from the submit flow, capture real-world interactions, and wire the trust endpoint into your automation.

Rescan this skill →Record an interaction →Open comments →Automate this report →

https://agentverus.ai/api/v1/skill/3b0acf41-b577-4a3d-9ba0-78d7273957fd/trust

Personalized next commands

Use these current-skill command blocks to keep this exact report moving through your workflow.

Record an interaction

curl -X POST https://agentverus.ai/api/v1/interactions \
  -H "Authorization: Bearer at_your_api_key" \
  -H "Content-Type: application/json" \
  -d '{"agentPlatform":"openclaw","skillId":"3b0acf41-b577-4a3d-9ba0-78d7273957fd","interactedAt":"2026-03-15T12:00:00Z","outcome":"success"}'

Fetch trust JSON

curl https://agentverus.ai/api/v1/skill/3b0acf41-b577-4a3d-9ba0-78d7273957fd/trust

Category Scores

Permissions

100

Injection

Dependencies

Behavioral

Content

100

Code Safety

Findings (17)

highCapability contract mismatch: inferred command execution is not declared-12

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

highExternal instruction override file detected-15

Found external instruction override file pattern: "EXTEND.md" Merged overlapping signals from the repeated finding family: - External instruction override file detected

## Preferences (EXTEND.md)

→ Be explicit when external project/home files can override skill behavior. Treat sidecar config or instruction files as untrusted input and constrain what they are allowed to change.

behavioralASST-11

highOS input automation detected-15

Found os input automation pattern: "paste keystroke" Related auth/profile context: - auth/session capability-contract context — Capability contract mismatch: inferred browser auth/session capabilities are not declared

Checks: Chrome, profile isolation, Bun, Accessibility, clipboard, paste keystroke, API credentials, Chrome conflicts.

→ Treat clipboard and synthetic keystroke automation as privileged local input control. Require explicit user approval and avoid combining it with authenticated browser sessions unless necessary.

behavioralASST-03

mediumCapability contract mismatch: inferred file write is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: Save to `post-to-wechat/YYYY-MM-DD/<slug>.md` (create directory

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred file read is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: references/

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred filesystem discovery is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: {baseDir}

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred configuration override is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: EXTEND.md

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred network access is not declared-6

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: https://github.com/JimLiu/baoyu-skills#baoyu-post-to-wechat

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-04

mediumCapability contract mismatch: inferred documentation ingestion is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: references/

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred local input control is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: paste keystroke

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred package bootstrap is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: npx -y bun

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumCapability contract mismatch: inferred environment configuration is not declared-8

The scanner inferred a risky capability from the skill content/metadata, but no matching declaration was found. Add a declaration with a clear justification, or remove the behavior.

Content pattern: XDG_CONFIG_HOME

→ Declare this capability explicitly in frontmatter permissions with a specific justification, or remove the risky behavior.

permissionsASST-03

mediumSystem modification detected (inside code block)-6

Found system modification pattern: "npm install -g"

| Bun runtime | `brew install oven-sh/bun/bun` or `npm install -g bun` |

→ Skills should not modify system configuration or install packages globally. Bundle required dependencies.

behavioralASST-03

mediumCredential-bearing URL parameter-8

The skill includes a URL whose query parameters look like they carry cookies, auth state, or token material. URLs are commonly logged and replayed, so credential-bearing parameters expand the dependency risk surface even on first-party domains. Related auth/profile context: - overlapping signals from the same local context — Unknown external reference

https://api.weixin.qq.com/cgi-bin/draft/add?access_token=ACCESS_TOKEN`

→ Avoid query-string credential transport. Prefer secure headers, dedicated cookie APIs, or other mechanisms that do not expose bearer material in URLs.

dependenciesASST-04

mediumPackage bootstrap execution detected (inside code block)-5

Found package bootstrap execution pattern: "npx -y bun"

`{baseDir}` = this SKILL.md's directory. Resolve `${BUN_X}`: prefer `bun`; else `npx -y bun`; else suggest `brew install oven-sh/bun/bun`.

→ Surface package bootstrap commands for review. Ephemeral package execution and install-time dependency pulls increase supply-chain risk, especially when versions are not pinned or provenance is unclear.

behavioralASST-04

mediumSkill path discovery detected (inside code block)-5

Found skill path discovery pattern: "{baseDir}"

`{baseDir}` = this SKILL.md's directory. Resolve `${BUN_X}`: prefer `bun`; else `npx -y bun`; else suggest `brew install oven-sh/bun/bun`.

→ Treat dynamic skill path resolution and installation-path discovery as local filesystem reconnaissance. Scope which paths may be read or executed from, and avoid broad path probing unless the user explicitly requested it.

behavioralASST-03

lowNo explicit safety boundaries-10

The skill does not include explicit safety boundaries defining what it should NOT do.

No safety boundary patterns found

→ Add a 'Safety Boundaries' section listing what the skill must NOT do (e.g., no file deletion, no network access beyond needed APIs).

contentASST-09