Wechat Oa

Advisory audited by VirusTotal on Apr 18, 2026.

Overview

Type: OpenClaw Skill
Name: wechat-oa
Version: 1.5.0

The wechat-oa skill bundle is a legitimate toolkit for managing WeChat Official Account drafts and materials. The core logic in wechat_push.py and generate_infographic.py interacts exclusively with official WeChat API endpoints (api.weixin.qq.com) to perform administrative tasks such as draft creation, image uploads, and subscriber management. The code uses standard libraries (requests, Pillow) and follows its stated purpose, with no evidence of data exfiltration, malicious execution, or harmful prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing and configuring this skill gives it access to sensitive WeChat account capabilities, including content deletion and follower/user lookup.

Why it was flagged

The code loads a persistent WeChat AppSecret from config.json and uses it to obtain account-level API access, including deleting drafts and listing subscribers. This is broader than a simple draft viewer, yet the registry metadata declares no required credential.

Skill content

CONFIG_FILE = Path(__file__).parent / "config.json"
...
APP_SECRET = CONFIG.get("APP_SECRET", "")
...
API_DRAFT_DELETE = "https://api.weixin.qq.com/cgi-bin/draft/delete"
...
API_USER_LIST = "https://api.weixin.qq.com/cgi-bin/user/get"
Recommendation

Use only with an account you control; protect config.json (restrict its file permissions to the owner and keep it out of version control); use a least-privilege or test account where possible; and update the registry metadata to declare the required WeChat credential and the config path.
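One way to act on the "protect config.json" recommendation, added here as an example and not taken from the skill: refuse to use a config.json that other local users can read, and let an environment variable override the file so the AppSecret need not sit on disk at all. Only the config.json location and the APP_SECRET key come from the skill; the environment variable name WECHAT_APP_SECRET and the function names are assumptions.

```python
import json
import os
import stat
from pathlib import Path
from typing import Mapping, Optional

# Assumed environment variable (not defined by the skill) that takes precedence over config.json.
ENV_VAR = "WECHAT_APP_SECRET"


def config_mode_is_private(mode: int) -> bool:
    """True when only the owner has any access to the file (mode 0600 or tighter).

    Group/other permission bits on config.json would expose the AppSecret to every
    local account, which is what "protect config.json" is about."""
    return stat.S_IMODE(mode) & 0o077 == 0


def load_app_secret(config_file, env: Optional[Mapping[str, str]] = None) -> str:
    """Return the WeChat AppSecret, preferring the environment over the on-disk file.

    Raises instead of continuing when config.json is group- or world-readable, so the
    operator fixes permissions before the secret is used for account-level calls such
    as draft deletion or subscriber listing."""
    env = os.environ if env is None else env
    secret = env.get(ENV_VAR, "").strip()
    if secret:
        return secret

    config_file = Path(config_file)
    if not config_file.is_file():
        raise FileNotFoundError(f"{config_file} not found and {ENV_VAR} is not set")

    mode = config_file.stat().st_mode
    if not config_mode_is_private(mode):
        raise PermissionError(
            f"{config_file} is mode {stat.S_IMODE(mode):04o}; run: chmod 600 {config_file}"
        )

    config = json.loads(config_file.read_text(encoding="utf-8"))
    secret = str(config.get("APP_SECRET", "")).strip()  # key name used by the skill
    if not secret:
        raise ValueError(f"APP_SECRET missing in {config_file}")
    return secret
```

Call it as `load_app_secret(Path(__file__).parent / "config.json")` to mirror the skill's own path convention. The mode check relies on POSIX permission bits; on Windows an ACL check would be needed instead, but the environment-variable path works everywhere.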

What this means

A mistaken or over-broad invocation could remove drafts or materials from the WeChat Official Account.

Why it was flagged

The documented commands can delete WeChat drafts and permanent materials, including batch deletion, but the instructions do not clearly require confirmation or provide rollback guidance for those direct operations.

Skill content

`delete <media_id>` | delete a draft
...
`batch-del <id1> [id2] ...` | batch-delete drafts
...
`materialdel [media_id...]` | batch-delete materials
Recommendation

Require explicit user confirmation before destructive actions, show the exact media_ids/titles to be deleted, and prefer dry-run or interactive confirmation for batch deletes.
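An added example (not code from the skill) of the confirmation and dry-run behaviour recommended above for the `delete` and `batch-del` commands. Only the API_DRAFT_DELETE endpoint is quoted from the skill; the function names, the DeleteReport type, and the `post` hook (a stand-in for `requests.post` so the flow can be exercised without network access) are assumptions. Responses are interpreted using the WeChat API's usual errcode/errmsg convention, where errcode 0 means success.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterable, List, Mapping, Optional

# Endpoint quoted from the skill's wechat_push.py; everything else here is added example code.
API_DRAFT_DELETE = "https://api.weixin.qq.com/cgi-bin/draft/delete"

# Assumed contract for the HTTP hook: post(url, params=..., json=...) -> parsed JSON body.
PostFn = Callable[..., Mapping]


@dataclass
class DeleteReport:
    planned: List[str] = field(default_factory=list)     # media_ids in scope after normalisation
    deleted: List[str] = field(default_factory=list)     # confirmed by the API (errcode 0)
    failed: Dict[str, str] = field(default_factory=dict)  # media_id -> error text
    executed: bool = False                                # False for dry runs and aborted runs


def plan_draft_deletion(media_ids: Iterable[str], titles: Optional[Mapping[str, str]] = None) -> List[str]:
    """Normalise the request (trim, drop blanks and duplicates, keep order) and print
    exactly which drafts are in scope, with the title when known, before anything runs."""
    plan: List[str] = []
    for raw in media_ids:
        mid = raw.strip()
        if mid and mid not in plan:
            plan.append(mid)
    for mid in plan:
        print(f"  would delete draft {mid}  ({(titles or {}).get(mid, 'title unknown')})")
    return plan


def _requests_post(url: str, **kwargs) -> Mapping:
    import requests  # imported lazily so dry runs need no third-party package installed
    resp = requests.post(url, timeout=10, **kwargs)
    resp.raise_for_status()
    return resp.json()


def delete_drafts(
    media_ids: Iterable[str],
    access_token: str,
    *,
    titles: Optional[Mapping[str, str]] = None,
    dry_run: bool = True,
    confirm: Optional[Callable[[List[str]], bool]] = None,
    post: PostFn = _requests_post,
) -> DeleteReport:
    """Delete drafts one by one, but only after dry_run has been explicitly disabled AND a
    confirmation callback (interactive by default) has said yes. The default does nothing."""
    report = DeleteReport(planned=plan_draft_deletion(media_ids, titles))
    if not report.planned:
        return report
    if dry_run:
        print(f"dry run: {len(report.planned)} draft(s) NOT deleted; pass dry_run=False to proceed")
        return report
    if confirm is None:
        def confirm(plan: List[str]) -> bool:  # anything but a literal 'yes' aborts
            return input(f"Delete the {len(plan)} draft(s) listed above? type 'yes': ").strip() == "yes"
    if not confirm(report.planned):
        print("aborted: deletion not confirmed")
        return report

    report.executed = True
    for mid in report.planned:
        body = post(API_DRAFT_DELETE, params={"access_token": access_token}, json={"media_id": mid})
        if body.get("errcode", 0) == 0:
            report.deleted.append(mid)
        else:
            report.failed[mid] = f"{body.get('errcode')}: {body.get('errmsg')}"
    return report
```

The same shape applies to `materialdel`: swap the endpoint and keep the plan, dry-run and confirmation steps in front of the loop. Because deletion is irreversible on the WeChat side, the report of what was actually removed (and what failed) is the only rollback aid the operator gets, so keep it.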

What this means

Local images embedded in an article can be uploaded to the WeChat material library.

Why it was flagged

Uploading images referenced by a user-selected article is purpose-aligned, but users should be aware that any local file path the article references as an image may be read and sent to WeChat.

Skill content
Automatically extracts local images from HTML/MD, uploads to WeChat material library and replaces URLs
Recommendation

Review article image paths before creating or updating drafts, especially if the document may reference private local images.
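A pre-upload review of this kind, added here as an example rather than code from the skill: list every image reference in the article and flag the local ones that resolve outside the article's own directory, since those are the files an author is least likely to expect to leave the machine. The regular expressions, the function names and the remote-scheme list are assumptions; the page only says the skill extracts local images from HTML/MD and uploads them.

```python
import re
from pathlib import Path
from typing import Dict, List

# Constructed patterns for the two reference styles the skill says it handles:
# Markdown ![alt](path) and HTML <img src="path"> (either quote style, any case).
MD_IMG = re.compile(r"!\[[^\]]*\]\(\s*([^)\s]+)")
HTML_IMG = re.compile(r"<img\b[^>]*\bsrc\s*=\s*['\"]([^'\"]+)['\"]", re.IGNORECASE)
REMOTE = re.compile(r"^(https?:|data:|//)", re.IGNORECASE)


def image_refs(text: str) -> List[str]:
    """All image references (Markdown matches first, then HTML), duplicates removed."""
    refs: List[str] = []
    for ref in MD_IMG.findall(text) + HTML_IMG.findall(text):
        if ref not in refs:
            refs.append(ref)
    return refs


def classify_images(text: str, article_dir) -> Dict[str, List[str]]:
    """Split references into: remote (left untouched), inside (local and under the
    article's folder, so an upload is expected) and outside (local but elsewhere on
    disk; these deserve a manual look before any draft is created)."""
    base = Path(article_dir).resolve()
    result: Dict[str, List[str]] = {"remote": [], "inside": [], "outside": []}
    for ref in image_refs(text):
        if REMOTE.match(ref):
            result["remote"].append(ref)
            continue
        local = ref[len("file://"):] if ref.lower().startswith("file://") else ref
        path = Path(local)
        if not path.is_absolute():
            path = base / path
        path = path.resolve()  # collapses ".." and follows symlinks, as an open() on it would
        try:
            path.relative_to(base)
            result["inside"].append(ref)
        except ValueError:
            result["outside"].append(ref)
    return result


def review_before_upload(text: str, article_dir) -> bool:
    """Print the classification and return False when any reference points outside the
    article folder, so a caller can stop before the skill's upload step runs."""
    groups = classify_images(text, article_dir)
    for kind, refs in groups.items():
        for ref in refs:
            print(f"{kind:>7}: {ref}")
    return not groups["outside"]
```

Run it on the article source before invoking the draft command and treat a False result as "open the article and check those paths". Resolving the path before the containment check matters: a reference such as `../../home/me/.ssh/id_rsa.pub` looks relative but leaves the article directory.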

What this means

Users may need to install Python packages manually and should ensure they come from trusted package sources.

Why it was flagged

The skill relies on user-installed Python packages, while the registry has no install spec and no declared required binaries. This is a common setup, but it is under-declared and the dependency versions are unpinned.

Skill content
pip install requests Pillow
Recommendation

Declare Python and package requirements in metadata/install specs and pin or document trusted dependency versions.