OpenClaw Weixin Channel

Security checks across malware telemetry and agentic risk

Overview

The artifacts describe a coherent WeChat channel, but installing it means trusting the plugin with QR-login credentials and automated WeChat message/file handling.

Before installing, verify the npm publisher, use a trusted machine, and understand that this plugin can persist WeChat login credentials and send/receive WeChat messages and files through the linked account. For privacy-sensitive or multi-account use, enable per-channel/per-peer context isolation.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI03: Identity and Privilege Abuse
Medium
What this means

Anyone who can read or misuse the plugin's local state may be able to affect the linked WeChat channel session.

Why it was flagged

The plugin stores per-account login data, including tokens, on disk after QR login; file permissions are restricted best-effort, but the credential remains sensitive.

Skill content
fs.writeFileSync(filePath, JSON.stringify(data, null, 2), "utf-8"); ... fs.chmodSync(filePath, 0o600);
Recommendation

Install only on a trusted machine, protect the OpenClaw state directory, and consider using a dedicated WeChat account for bot/channel use.

ASI02: Tool Misuse and Exploitation
Medium
What this means

After authorization, the agent/channel can send messages or files to WeChat peers as part of normal operation.

Why it was flagged

The advertised channel capability includes receiving WeChat messages and sending text, rich media, and file replies through the account integration.

Skill content
Receive WeChat messages and reply with images, text, or files
Recommendation

Enable the plugin only for accounts and conversations where automated replies are acceptable, and review any OpenClaw controls for allowed senders or channel scope.

ASI06: Memory and Context Poisoning
Medium
What this means

Private messages from one WeChat account or sender could influence another conversation if context isolation is not enabled.

Why it was flagged

The documentation discloses that WeChat conversations may share AI context unless the user enables per-channel/per-peer isolation.

Skill content
By default, all channels share the same AI conversation context. To isolate conversation context for each WeChat account: openclaw config set agents.mode per-channel-per-peer
Recommendation

For multi-account or privacy-sensitive use, set `agents.mode` to `per-channel-per-peer` before connecting accounts.

ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means

Using the quick installer runs code from another package, so provenance matters even though the manual install path is available.

Why it was flagged

The optional quick-install path executes a separate npm CLI package, while the reviewed manifest primarily covers `@tencent-weixin/openclaw-weixin`.

Skill content
npx -y @tencent-weixin/openclaw-weixin-cli install
Recommendation

Prefer the documented manual install or verify the CLI package publisher and contents before running the npx command.

ASI05: Unexpected Code Execution
Low
What this means

If the uninstall helper is invoked, it will run the OpenClaw plugin uninstall command for this plugin.

Why it was flagged

The static scan found shell execution, but the command is fixed and scoped to uninstalling this plugin rather than using user-controlled shell input.

Skill content
execSync("openclaw plugins uninstall openclaw-weixin", { stdio: "inherit" });
Recommendation

Run uninstall commands only intentionally; no evidence in the provided artifacts shows arbitrary or hidden shell execution.