WeCom文件发送
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: wecom-file-sender Version: 1.0.0 The skill 'wecom-file-sender' is designed to allow an AI agent to send local files to users via Enterprise WeChat (WeCom). The instructions in SKILL.md define a clear protocol using the 'MEDIA:' command and provide guidance for the agent to locate files within specific workspace directories (~/.openclaw/workspace/) using standard shell commands like ls and grep. There is no evidence of malicious intent, data exfiltration of sensitive system files, or obfuscation.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the wrong path is selected, a local file could be sent unintentionally.
The skill tells the agent to locate local files and emit a MEDIA directive that sends a file. This is the core function, but it is still a sensitive tool action.
在回复中单独一行使用 MEDIA: 指令,后面跟文件的本地路径。... 使用 ls 命令查找文件
Use this skill with explicit file names or paths, and confirm the intended file before sending.
Business or private files in the workspace could be shared through WeCom when requested.
The skill sends local workspace files, including a business-work directory, through the WeCom communication channel. The destination channel is disclosed and purpose-aligned, but it crosses a data-sharing boundary.
将本地文件通过企业微信发送给用户... 公司业务目录: `~/.openclaw/workspace/memory/companywork/`
Verify the WeCom recipient and avoid broad requests that could match sensitive files.