OpenClaw WeCom Channel

Security checks across malware telemetry and agentic risk

Overview

This WeCom channel mostly matches its stated purpose, but it needs review because it can expose enterprise chat content in logs and its advertised pairing access control is not clearly enforced in the inspected message handler.

Review before installing in a business WeCom workspace. Use allowlist mode, restrict access to OpenClaw and gateway logs, avoid sending regulated or confidential data unless logs are controlled or redacted, store WeCom credentials in a secrets manager or tightly permissioned config, and do not rely on pairing mode until its enforcement is verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README describes receiving WeCom messages over HTTP callbacks, sending them via external APIs, and viewing logs, but does not clearly warn users that message content may transit third-party infrastructure and may be captured in application, gateway, or tunnel logs. In this context, the plugin handles enterprise chat traffic, so missing privacy disclosure can cause accidental exposure of sensitive internal communications and personal data.

Missing User Warnings

Medium
Confidence: 93%
Finding
The documentation instructs users to store the WeCom Secret, callback Token, and EncodingAESKey in plaintext configuration files or export them directly as environment variables, but does not warn about local disclosure risks such as weak file permissions, backup leakage, shell history capture, process/environment inspection, or accidental logging. Because these credentials protect message integrity and API access, exposure could let an attacker impersonate the app, decrypt/forge callbacks, or send messages via the enterprise integration.

Missing User Warnings

Medium
Confidence: 94%
Finding
The documentation shows sensitive configuration fields such as `secret`, `token`, and `encodingAESKey` in a persistent JSON config example without warning users to keep them out of source control, logs, and screenshots. This increases the chance that real credentials will be copied into plaintext files or committed to repositories, which could enable message forgery, callback abuse, or unauthorized API access to the WeCom integration.

Missing User Warnings

Medium
Confidence: 89%
Finding
The code logs inbound WeCom user IDs and a preview of message content directly, which can expose personal data and potentially sensitive business information to application logs. In an enterprise chat integration, logs are often centrally aggregated and accessible to operators, so this increases the chance of unauthorized disclosure even if the logging is intended for debugging or observability.

Missing User Warnings

Medium
Confidence: 86%
Finding
The dispatcher logs the first 100 characters of outbound reply text before sending it to a user, which can expose user-directed or model-generated sensitive content into application logs. In a messaging integration, replies may contain personal data, secrets, internal prompts, or regulated content, and logs are often retained longer and accessed more broadly than live messages.

VirusTotal

66/66 vendors flagged this skill as clean.
