Skill v0.1.0

ClawScan security

OpenClaw WeCom Channel · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Feb 27, 2026, 2:02 AM)
Verdict: Benign
Confidence: high
Model: gpt-5-mini
Summary
The plugin's code, instructions, and requirements are consistent with a WeCom (企业微信) channel: it needs a Node runtime, network access, and WeCom app credentials stored in OpenClaw config; nothing requested or installed looks disproportionate to that purpose.
Guidance
This plugin appears to do what it claims, but take these precautions before installing:
1) Verify the repository origin and review the code (especially token handling and the HTTP server) before cloning.
2) Store WeCom secrets (Agent Secret, Token, EncodingAESKey) only in OpenClaw's config with restrictive file permissions, or use environment variables if supported; treat them like sensitive credentials.
3) Expose the callback endpoint through a secure tunnel (Cloudflare Tunnel/ngrok) and ensure TLS and WeCom trusted IP configuration to limit exposure.
4) Restrict plugin usage with the dmPolicy or allowlist if you don't want it open to all users.
5) If you stop trusting the plugin, rotate the WeCom Secret in the enterprise WeCom admin and clear the token cache.
If you want additional assurance, ask for a signed release or a maintainer identity and check recent commits for unexpected network or filesystem activity.

Review Dimensions

Purpose & Capability
Status: ok
Name/description promise a WeCom channel, and the code implements HTTP callbacks, message decrypt/encrypt (WXBizMsgCrypt), token management, routing, and sending via WeCom APIs. The required binary (node) and network access are expected and sufficient for these functions. No unrelated credentials, binaries, or system paths are requested.
Instruction Scope
Status: ok
SKILL.md and README instruct cloning the repo, adding WeCom app credentials to ~/.openclaw/openclaw.json (or environment variables), creating a public callback URL, and restarting the gateway. Runtime instructions and code only read the plugin config and handle WeCom messages; they do not attempt to read unrelated files or exfiltrate data to unexpected endpoints. All network calls go to WeCom API endpoints.
Install Mechanism
Status: note
There is no formal install spec in registry metadata (instruction-only), and SKILL.md instructs git cloning the GitHub repo into OpenClaw extensions — a normal install path. The package.json has no external runtime dependencies. This is low risk, but users should still verify the repository origin and contents before cloning and running.
Credentials
Status: ok
The plugin requires WeCom app credentials (corpId, agentId, secret, token, encodingAESKey), which are necessary for message decryption and API calls. The registry declares no required environment variables; the README notes optional environment variable alternatives. No unrelated secrets or multiple external service credentials are requested.
Persistence & Privilege
Status: ok
The skill is not forced-always; it is user-invocable and can be started/stopped by the OpenClaw gateway as a channel plugin. It listens on a configured port and registers itself with OpenClaw — expected behavior for a channel. It does not modify other plugins' configs or request elevated system-wide privileges.