Back to skill

Security audit

Weixin OpenClaw Login

Security checks across malware telemetry and agentic risk

Overview

This skill fits its Weixin/OpenClaw login purpose, but it handles login URLs, QR tokens, bot tokens, and local account files without clearly warning users that they are secrets.

Review before installing. Use this only if you trust the Tencent Weixin OpenClaw package and need this login workflow. Treat QR URLs, qrcode values, bot_token, ilink_user_id, terminal output from the polling script, and files under `~/.openclaw/openclaw-weixin/` as secrets; do not paste them into chats, tickets, logs, screenshots, or repositories unless fully redacted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill instructs users to fetch login QR URLs and poll login status tokens from Tencent endpoints without warning that the qrcode token and returned fields may be login-session artifacts. In a login-flow skill, omission of handling guidance increases the chance users expose tokens in shell history, logs, screenshots, or shared terminals, enabling account/session misuse or privacy leakage.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill points users to local state files that contain bot tokens and even shows the token-bearing JSON shape, but does not label these files as secrets or warn against copying, sharing, or loosening permissions. Anyone who gains access to these files could potentially reuse the token to impersonate the connected Weixin/OpenClaw account or disrupt the integration.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The document explicitly recommends sharing the raw QR-code login URL because it is more reliable than the rendered terminal QR code, but it does not treat that URL as an authentication secret. In this login flow, the raw QR URL is the actual login carrier; anyone who receives or intercepts it may be able to scan and bind the session, enabling unauthorized account access or session hijacking.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The notes include a successful response containing `bot_token` and describe exact local credential storage paths without warning that these are secrets. This materially lowers the barrier to credential theft: users may paste live tokens into support channels or expose stored account files, leading to account takeover, replay of authenticated sessions, or broader compromise of the connected OpenClaw/Weixin integration.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.