Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
OpenClaw Weixin Channel
v2.0.1OpenClaw 微信 channel 插件,支持扫码登录授权。接收微信消息、回复图文/文字/文件,提供完整的微信通道集成。
⭐ 2· 641·2 current·3 all-time
by@alichor
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The skill name/description (Weixin channel QR-login + messaging) matches the code and install metadata. Declared requirement is the openclaw binary and the install is an npm package @tencent-weixin/openclaw-weixin, both consistent with a plugin for the OpenClaw host. There are no unrelated required environment variables or surprising binaries.
Instruction Scope
SKILL.md gives ordinary install/config/login commands. The runtime code legitimately reads/writes OpenClaw plugin state (accounts, sync buffers, per-account JSON files), reads the OpenClaw config (optionally via OPENCLAW_CONFIG), and performs HTTP POSTs to backend endpoints (default baseUrl ilinkai.weixin.qq.com and CDN novac2c.cdn.weixin.qq.com). Those behaviours are expected for a messaging channel plugin but are worth noting because the plugin persists auth tokens and state locally and makes network calls to the Weixin backend/CDN.
Install Mechanism
Install is via an npm package (@tencent-weixin/openclaw-weixin). This is a standard, traceable distribution channel. The package.json/lock show dependencies and devDependencies; no arbitrary downloads from untrusted URLs or extract-from-URL steps are present in the install metadata provided.
Credentials
The plugin declares no required environment secrets and only requires the openclaw CLI. The runtime optionally checks process.env.OPENCLAW_CONFIG for an alternate config path (a reasonable convenience). No unrelated credential environment variables (AWS keys, generic SECRET/TOKEN, etc.) are requested.
Persistence & Privilege
The plugin persists per-account credentials and state files under the OpenClaw state dir (~/.openclaw or configured path), and caches config like typing tickets. It does not request always:true and does not modify other plugins' configs. Storing tokens locally is expected for an integration that holds login sessions, but users should be aware that account tokens and sync buffers are kept on disk.
Assessment
This package appears to be a coherent Weixin/WeChat channel plugin for OpenClaw. Before installing: 1) Verify the npm package publisher and version on the npm registry (confirm it's from the expected Tencent/organization account) and prefer installing from the official registry; 2) Ensure you have the required openclaw CLI and Node >=22 as specified; 3) Understand the plugin will create and store per-account files and tokens in your OpenClaw state directory (~/.openclaw by default) and will make network requests to Weixin backend and CDN endpoints; 4) If you need higher assurance, inspect the full package on the npm registry (or the upstream repo/homepage) and confirm the package integrity/signature and publisher identity, since the supplied metadata here lacks an external homepage/source URL.src/log-upload.ts:76
Shell command execution detected (child_process).
src/messaging/process-message.ts:428
Environment variable access combined with network send.
src/api/api.ts:37
File read combined with network send (possible exfiltration).
src/cdn/upload.ts:62
File read combined with network send (possible exfiltration).
src/log-upload.ts:106
File read combined with network send (possible exfiltration).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
latestvk976gt7mtnrzrq5abfqszkzfdh83n4bn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Binsopenclaw
Install
Install Weixin Channel Plugin (npm)
npm i -g @tencent-weixin/openclaw-weixin