WeCom文件发送
通过企业微信将本地目录中的文件(文档、图片、视频、语音)发送给指定用户,支持文件大小限制管理。
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 46 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The declared purpose is to send local files via 企业微信 (WeCom). However, the skill declares no credentials, environment variables, or configuration for authenticating to WeCom. A legitimate WeCom integration normally requires CorpID/CorpSecret/AgentId or a webhook/token; none are requested or documented, which is incoherent with the stated capability.
Instruction Scope
SKILL.md explicitly instructs the agent to read specific local directories (e.g. ~/.openclaw/workspace/, memory/companywork/, memory/douyin-videos/) and to run commands like ls/grep to find files. That scope includes potentially sensitive company content. The instructions do not constrain which files may be read or explain how file selection and transmission are authorized, giving the agent broad discretion to access local files.
Install Mechanism
This is an instruction-only skill with no install spec or code to write to disk. No installation-related risks were identified.
Credentials
The skill requests no environment variables or credentials, yet it claims to perform an authenticated network action (sending via WeCom). The absence of required auth/config is disproportionate and unexplained. Additionally, the skill's referencing of company-specific directories implies access to sensitive data without explicit justification or declared least-privilege boundaries.
Persistence & Privilege
The skill does not request persistent/always-on presence (always: false) and has no install actions. However, because agent autonomous invocation is allowed by default, the agent could be instructed (or decide) to access the listed local directories and send files; that runtime capability combined with the other inconsistencies raises privacy concerns. This is not a privilege escalation by itself but increases the blast radius.
What to consider before installing
This skill is inconsistent: it tells the agent to read local workspace directories and send files via WeCom but gives no information about how authentication or destination is configured. Before installing or using it, ask the publisher: (1) Where/how are WeCom credentials supplied (CorpID/Secret/AgentId or webhook)? (2) Which exact recipients/endpoints will receive files? (3) Can the skill be limited to specific directories or file types? (4) Will there be explicit prompts/consent each time a file is read/sent? If you can't get clear answers, avoid granting the agent access to sensitive work directories and test with a sandbox and non-sensitive files only. Consider disabling autonomous invocation or requiring explicit user confirmation before any file access or network upload.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download zipfilelatestmediasenderwecom
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
WeCom 文件发送技能
创建时间: 2026-03-18 适用于: 企业微信 (WeCom)
技能描述
将本地文件通过企业微信发送给用户的功能封装。通过此技能,可以将本地文件(如文档、图片、视频、语音等)发送给用户。
触发词
- "发送文件给我"
- "传输文件"
- "发送XX文件"
- "把这个文件发给我"
- "文件发给我"
使用方法
1. 文件路径
文件存放在以下目录:
- 主工作目录:
~/.openclaw/workspace/ - 公司业务目录:
~/.openclaw/workspace/memory/companywork/ - 抖音内容:
~/.openclaw/workspace/memory/douyin-videos/
2. 发送指令
在回复中单独一行使用 MEDIA: 指令,后面跟文件的本地路径。
格式:
MEDIA: /文件的绝对路径
示例:
MEDIA: ~/.openclaw/workspace/memory/companywork/会议纪要.md
MEDIA: ~/openclaw/workspace/test.pdf
3. 文件大小限制
| 类型 | 限制 |
|---|---|
| 图片 | ≤10MB |
| 视频 | ≤10MB |
| 语音 | ≤2MB (仅支持AMR格式) |
| 文件 | ≤20MB |
超过限制会被自动转为文件格式发送。
4. 查找文件
使用 ls 命令查找文件:
ls -la ~/.openclaw/workspace/memory/companywork/
注意事项
- MEDIA: 必须在行首,后面紧跟文件路径
- 路径中包含空格时用反引号包裹
- 每个文件单独一行 MEDIA: 指令
- 可以附带文字说明
示例
用户请求: "把XX会议纪要发给我"
处理步骤:
- 查找文件:
ls ~/.openclaw/workspace/memory/companywork/ | grep 关键词 - 确认文件路径
- 发送文件:
MEDIA: ~/.openclaw/workspace/memory/companywork/XX会议纪要.md
此技能封装了企业微信文件发送功能,方便快速将本地文件分享给用户
Files
1 totalSelect a file
Select a file to preview.
Comments
Loading comments…