Scan Report
5 /100
wechat-article-fetch
微信公众号文章抓取技能,使用 Playwright 渲染页面并提取文章标题、正文内容和原始 URL
A legitimate WeChat article fetching skill using Playwright with accurately declared permissions and no security concerns.
Safe to install
This skill is safe to use. The implementation matches the documentation exactly - it fetches article content using a headless browser and returns the results. No issues found.
| Resource | Declared | Inferred | Status | Evidence |
|---|---|---|---|---|
| Browser | READ | READ | ✓ Aligned | scripts/wx-article-fetch.js:31 - chromium.launch({ headless: true }) |
| Network | READ | READ | ✓ Aligned | scripts/wx-article-fetch.js:36 - page.goto(url) fetches WeChat articles only |
| Filesystem | NONE | NONE | — | No file read/write operations in code |
| Shell | NONE | NONE | — | No subprocess or shell commands in code |
| Environment | NONE | NONE | — | No environment variable access in code |
| Skill Invoke | NONE | NONE | — | No skill invocation in code |
| Clipboard | NONE | NONE | — | No clipboard access in code |
| Database | NONE | NONE | — | No database access in code |
4 findings
Medium External URL 外部 URL
https://mp.weixin.qq.com/s/xxx SKILL.md:37 Medium External URL 外部 URL
https://registry.npmmirror.com/fsevents/-/fsevents-2.3.2.tgz package-lock.json:17 Medium External URL 外部 URL
https://registry.npmmirror.com/playwright/-/playwright-1.59.1.tgz package-lock.json:31 Medium External URL 外部 URL
https://registry.npmmirror.com/playwright-core/-/playwright-core-1.59.1.tgz package-lock.json:49 File Tree
5 files · 6.0 KB · 224 lines JSON 3f · 81L
JavaScript 1f · 72L
Markdown 1f · 71L
├─
▾
scripts
│ └─
wx-article-fetch.js
JavaScript
├─
_meta.json
JSON
├─
package-lock.json
JSON
├─
package.json
JSON
└─
SKILL.md
Markdown
Dependencies 1 items
| Package | Version | Source | Known Vulns | Notes |
|---|---|---|---|---|
playwright | ^1.59.1 | npm | No | Legitimate browser automation library, version reasonably pinned |
Security Positives
✓ Documentation accurately describes the implementation with no discrepancies
✓ Uses Playwright's headless browser mode for security isolation
✓ No credential harvesting or sensitive data access
✓ No data exfiltration beyond fetching the requested article
✓ No obfuscation techniques or suspicious patterns
✓ Clean dependency list with Playwright as the only runtime dependency
✓ URL validation ensures only WeChat article URLs are processed
✓ Proper error handling with descriptive messages
✓ No filesystem access or persistent storage
✓ Headless browser instances are isolated per request