ClawHub

Weixin OpenClaw Login

v1.0.1

处理微信个人号接入 OpenClaw 的官方登录流程与排障。用于安装 `@tencent-weixin/openclaw-weixin`、获取新的二维码授权链接、查询扫码状态、修复 `openclaw-weixin` 卡在 `SETUP / no token`、以及整理微信 8.0.70+ 接入 OpenClaw...

2· 368·2 current·2 all-time
by@aqhi
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (Weixin OpenClaw login and troubleshooting) matches what the skill does: it fetches Weixin ilink QR URLs and polls ilinkai.weixin.qq.com for status. The included scripts and doc references target the same service and local OpenClaw paths referenced in the description; there are no unrelated required credentials or binaries.
Instruction Scope
SKILL.md instructs the agent/user to run the provided scripts or equivalent HTTP calls against https://ilinkai.weixin.qq.com and to inspect local OpenClaw state files under ~/.openclaw/openclaw-weixin/. That is within scope. Note: the scripts will print returned fields including bot_token (a secret). Treat terminal output and logs as sensitive and avoid pasting them into untrusted places.
Install Mechanism
There is no install spec (instruction-only with two helper scripts). No downloads from untrusted URLs or archive extraction are present. Risk from installation is minimal — running the included scripts executes local Node/Python code (reviewable) and makes outbound HTTPS requests to the expected host.
Credentials
No environment variables, credentials, or config paths are requested by the skill beyond recommending inspection of the user's OpenClaw state directory. The network calls are limited to the official weixin ilink host. The only sensitive artifact is bot_token returned by the API; the skill does not attempt to transmit it elsewhere.
Persistence & Privilege
Skill is user-invocable, not always-enabled, and does not request persistent system-wide privileges or attempt to modify other skills or agent settings. It does not store credentials on its own.
Assessment
This skill appears coherent and focused on retrieving and polling Weixin/OpenClaw QR login state. Before running: (1) review the two provided scripts (they are short and readable); (2) be aware the API responses include bot_token (a secret) — do not paste that token into chat, issue trackers, or logs you don't control; (3) run scripts locally in a trusted environment (they use node/fetch and python urllib); (4) confirm Node/Python versions if needed; (5) if you need higher assurance, manually perform the single curl/python requests shown in SKILL.md instead of running scripts. If you see the skill attempting to contact hosts other than ilinkai.weixin.qq.com or to write/read files outside the OpenClaw state directory, stop and investigate further.

Like a lobster shell, security has layers — review code before you run it.

latestvk97eqbja6hfjhnhhz6s2679nmh83dnvm

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments