OpenClaw WeCom Channel

v0.1.0

企业微信 (WeCom) Channel 插件 — 让 OpenClaw AI Agent 通过企业微信收发消息。支持消息加解密、Token 自动管理、访问控制策略。

⭐ 5· 1.6k·12 current·13 all-time

by@darrryz

MIT-0

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Benign

high confidence

✓

Purpose & Capability

Name/description promise a WeCom channel and the code implements HTTP callbacks, message decrypt/encrypt (WXBizMsgCrypt), token management, routing and sending via WeCom APIs. Required binary (node) and network access are expected and sufficient for these functions. No unrelated credentials, binaries, or system paths are requested.

✓

Instruction Scope

SKILL.md and README instruct cloning the repo, adding WeCom app credentials to ~/.openclaw/openclaw.json (or environment variables), creating a public callback URL, and restarting the gateway. Runtime instructions and code only read the plugin config and handle WeCom messages; they do not attempt to read unrelated files or exfiltrate data to unexpected endpoints. All network calls go to WeCom API endpoints.

ℹ

Install Mechanism

There is no formal install spec in registry metadata (instruction-only), and SKILL.md instructs git cloning the GitHub repo into OpenClaw extensions — a normal install path. The package.json has no external runtime dependencies. This is low risk, but users should still verify the repository origin and contents before cloning and running.

✓

Credentials

The plugin requires WeCom app credentials (corpId, agentId, secret, token, encodingAESKey) which are necessary for message decryption and API calls. The registry declares no required environment variables; the README notes optional environment variable alternatives. No unrelated secrets or multiple external service credentials are requested.

✓

Persistence & Privilege

The skill is not forced-always; it is user-invocable and can be started/stopped by OpenClaw gateway as a channel plugin. It listens on a configured port and registers itself with OpenClaw — expected behavior for a channel. It does not modify other plugins' configs or request elevated system-wide privileges.

Assessment

This plugin appears to do what it claims, but take these precautions before installing: 1) Verify the repository origin and review the code (especially token handling and the HTTP server) before cloning. 2) Store WeCom secrets (Agent Secret, Token, EncodingAESKey) only in OpenClaw's config with restrictive file permissions or use environment variables if supported; treat them like sensitive credentials. 3) Expose the callback endpoint through a secure tunnel (Cloudflare Tunnel/ngrok) and ensure TLS and WeCom trusted IP configuration to limit exposure. 4) Restrict plugin usage with the dmPolicy or allowlist if you don't want it open to all users. 5) If you stop trusting the plugin, rotate the WeCom Secret in the enterprise WeCom admin and clear token cache. If you want additional assurance, ask for a signed release or a maintainer identity and check recent commits for unexpected network or filesystem activity.

Like a lobster shell, security has layers — review code before you run it.

channelvk9748ppzppanqd7e7xemx5na2d81yp0vlatestvk9748ppzppanqd7e7xemx5na2d81yp0vopenclawvk9748ppzppanqd7e7xemx5na2d81yp0vwechat-workvk9748ppzppanqd7e7xemx5na2d81yp0vwecomvk9748ppzppanqd7e7xemx5na2d81yp0v

License

MIT-0

Free to use, modify, and redistribute. No attribution required.

Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

💬 Clawdis

Binsnode

SKILL.md

OpenClaw 企业微信 Channel 插件

企业微信 (WeCom/WxWork) 消息通道插件，让 OpenClaw AI Agent 通过企业微信收发消息，与 Telegram、Discord、Signal 等并列为原生 Channel。

功能

📩 接收消息 — 企业微信用户发送文本，Agent 自动回复
📤 主动推送 — Agent 通过企业微信 API 主动发送消息
🔐 消息加解密 — 完整实现企业微信 AES-256-CBC 消息加解密（WXBizMsgCrypt 标准）
🔑 Token 管理 — access_token 自动缓存 + 提前 5 分钟刷新
🛡️ 访问控制 — open / pairing / allowlist 三种策略
⚡ 智能回复 — 5 秒内被动回复，超时自动降级为主动推送

前置条件

OpenClaw 已安装并运行
企业微信管理员权限（创建自建应用）
公网可达的回调 URL（推荐 Cloudflare Tunnel）

快速开始

1. 安装插件

# 克隆到 OpenClaw extensions 目录
git clone https://github.com/darrryZ/openclaw-wecom-channel.git ~/.openclaw/extensions/wecom

2. 配置 OpenClaw

编辑 ~/.openclaw/openclaw.json：

{
  "channels": {
    "wecom": {
      "enabled": true,
      "corpId": "你的企业ID",
      "agentId": 1000003,
      "secret": "应用Secret",
      "token": "回调Token",
      "encodingAESKey": "回调EncodingAESKey",
      "port": 18800,
      "dmPolicy": "open"
    }
  },
  "plugins": {
    "entries": {
      "wecom": { "enabled": true }
    }
  }
}

3. 配置公网回调（Cloudflare Tunnel）

cloudflared tunnel create wecom-tunnel
cloudflared tunnel route dns wecom-tunnel wecom.yourdomain.com
cloudflared tunnel run --edge-ip-version 4 --url http://localhost:18800 wecom-tunnel

企业微信后台回调 URL 设置为：https://wecom.yourdomain.com/wecom/callback

4. 重启 Gateway

openclaw gateway restart

详细文档

完整的配置指南、企业微信后台设置步骤、故障排查请参考 README.md。

链接

GitHub: https://github.com/darrryZ/openclaw-wecom-channel
OpenClaw: https://github.com/openclaw/openclaw
企业微信开发文档: https://developer.work.weixin.qq.com/document/

Files

16 total

Select a file

Select a file to preview.

Comments

Loading comments…