OpenClaw WeCom Channel
Review
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly matches its stated WeCom messaging purpose, but users should review it because the advertised pairing access-control mode is not clearly enforced in the visible message handler.
Install only if you are comfortable granting OpenClaw access to a WeCom self-built app. Configure the app with the smallest visible user scope, prefer allowlist mode until pairing behavior is verified, protect the WeCom secret/token/AES key, and review logging/retention before using it for sensitive business conversations.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If pairing mode is not enforced elsewhere by the OpenClaw runtime, WeCom users who can reach the app could interact with the agent without the expected admin approval.
This is the visible inbound access-control gate. It explicitly checks only allowlist mode before dispatching to the agent and marks the message command-authorized; enforcement for the documented pairing mode is not evident in this handler.
const dmPolicy = wecomCfg.dmPolicy ?? "open"; ... if (dmPolicy === "allowlist") { ... } ... CommandAuthorized: true
Before exposing the callback publicly, test pairing mode end-to-end. Prefer allowlist mode and restrict the WeCom app visible scope until pairing enforcement is confirmed.
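The finding above is that the visible handler only branches on allowlist mode. The following is an added example, not code from the OpenClaw skill or from ClawScan, of an inbound DM gate that enforces all three documented modes and fails closed on anything else. The names wecomCfg, dmPolicy, allowFrom and the commandAuthorized flag are assumptions modelled on the excerpt; the pairing store is a constructed in-memory stand-in for whatever approval record the runtime would keep.

```javascript
// Added example (not the skill's own code). Hypothetical pairing store:
// approved sender ids plus the ids still waiting for admin approval.
function createPairingStore() {
  const approved = new Set();
  const pending = new Map(); // senderId -> first-seen timestamp (ms)
  return {
    isApproved: (id) => approved.has(id),
    // Record an unknown sender as pending; returns true if now pending.
    requestPairing: (id, now = Date.now()) => {
      if (!approved.has(id) && !pending.has(id)) pending.set(id, now);
      return pending.has(id);
    },
    // Admin action: promote a pending sender to approved.
    approve: (id) => {
      pending.delete(id);
      approved.add(id);
    },
    pendingIds: () => [...pending.keys()],
  };
}

// Decide whether an inbound WeCom DM may be dispatched to the agent and
// whether it may carry commands. Assumed config shape:
//   wecomCfg.dmPolicy  : "open" | "allowlist" | "pairing" (default "open")
//   wecomCfg.allowFrom : array of always-allowed sender ids
// Unknown policy values are denied rather than silently treated as "open".
function gateInboundDm(wecomCfg, senderId, store) {
  const dmPolicy = wecomCfg.dmPolicy ?? "open";
  const allowFrom = new Set(wecomCfg.allowFrom ?? []);

  switch (dmPolicy) {
    case "open":
      // Design choice for this example: open conversations are dispatched
      // but never treated as command-authorized.
      return { dispatch: true, commandAuthorized: false, reason: "open" };

    case "allowlist":
      if (allowFrom.has(senderId)) {
        return { dispatch: true, commandAuthorized: true, reason: "allowlisted" };
      }
      return { dispatch: false, commandAuthorized: false, reason: "not-allowlisted" };

    case "pairing":
      if (allowFrom.has(senderId) || store.isApproved(senderId)) {
        return { dispatch: true, commandAuthorized: true, reason: "paired" };
      }
      // Unknown sender: queue for admin approval, do NOT reach the agent.
      store.requestPairing(senderId);
      return { dispatch: false, commandAuthorized: false, reason: "pairing-pending" };

    default:
      return { dispatch: false, commandAuthorized: false, reason: "unknown-policy" };
  }
}

// Stand-alone walkthrough with constructed ids.
function demo() {
  const store = createPairingStore();
  const cfg = { dmPolicy: "pairing", allowFrom: ["admin-1"] };
  const first = gateInboundDm(cfg, "user-9", store); // pending, not dispatched
  store.approve("user-9"); // admin approves
  const second = gateInboundDm(cfg, "user-9", store); // now paired
  return { first, second, pending: store.pendingIds() };
}
```

The point of the `default` branch is the same one the finding raises: a policy the handler does not recognise must not degrade into open access. Pending senders are recorded so an admin can approve them out of band, but nothing is enqueued to the agent until that happens.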
Anyone with access to these credentials can potentially send messages through the enterprise WeCom application or receive/decrypt callback traffic.
The skill requires WeCom enterprise application credentials and callback encryption secrets so it can receive and send messages as the configured WeCom app.
corpId: "wwxxxxxxxxxx", agentId: 1000003, secret: "你的应用Secret", token: "回调Token", encodingAESKey: "回调AESKey"
Use a least-privilege self-built WeCom app, keep the secret/token/AES key in protected configuration, limit the app visible scope, and rotate credentials if exposed.
Sensitive message text may appear in local OpenClaw logs or event history and may be reused in agent context.
Plaintext WeCom message snippets are written to logs/system events and then routed into the agent context, which is expected for a chat channel but may retain sensitive business content.
content="${ctx.content.slice(0, 100)}" ... core.system.enqueueSystemEvent(`${inboundLabel}: ${preview}`, { sessionKey: route.sessionKey
Avoid sending secrets over this channel, review OpenClaw log retention, and consider redaction or reduced logging for production use.
The gateway will receive external webhook traffic; although the code verifies WeCom signatures and decrypts messages, the public endpoint should still be treated as exposed infrastructure.
The skill expects the local gateway callback port to be reachable from the public Internet through a tunnel so WeCom can deliver messages.
Publicly reachable callback URL (Cloudflare Tunnel recommended) ... cloudflared tunnel run --edge-ip-version 4 --url http://localhost:18800 wecom-tunnel
Use HTTPS, keep the callback token/AES key secret, restrict WeCom trusted IP settings where possible, and monitor the gateway logs for unexpected traffic.
