Back to skill
Skillv0.1.0
VirusTotal security
OpenClaw WeCom Channel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:45 AM
- Hash
- ef5be10f715b2fb41f7c1ffd0f5dd69020d45a2821f501a1b45e164a61aa9154
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: openclaw-wecom-channel Version: 0.1.0 The OpenClaw WeCom channel plugin is designed to integrate OpenClaw AI agents with the WeCom messaging platform. It handles message sending/receiving, encryption/decryption (using WeCom's WXBizMsgCrypt standard), and access token management. The plugin requires network access and opens an HTTP port for WeCom callbacks, which is explicitly declared and necessary for its functionality. It uses official WeCom API endpoints and handles sensitive credentials (corpId, secret, etc.) as expected for an integration. There is no evidence of intentional malicious behavior such as data exfiltration to unauthorized third parties, unauthorized command execution, or prompt injection attempts against the AI agent. The use of SHA1 for message signing is a requirement of the WeCom API, not a malicious choice by the plugin developer. The code is straightforward and aligns with the stated purpose.
- External report
- View on VirusTotal