Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WeCom Connect
v1.0.0
Connects to Enterprise WeChat (WeCom). Call the generate endpoint to obtain an authorization link; the user sends the link into a WeCom chat and opens it to complete authorization. Use this skill when the user mentions connecting Enterprise WeChat, integrating WeCom, binding a WeCom bot, creating a WeCom bot, or scanning a QR code to bind WeCom.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw)
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's described purpose (connect Enterprise WeChat / bind a WeCom bot) is consistent with calling work.weixin.qq.com endpoints and obtaining bot credentials. However, the metadata declares no required config paths or credentials, while the instructions explicitly write to ~/.openclaw/openclaw.json and restart the OpenClaw gateway. This omission is an inconsistency: the skill needs access to the user's OpenClaw config and the ability to restart services, but does not declare either.
Instruction Scope
SKILL.md gives explicit runtime commands: two curl requests to official work.weixin.qq.com endpoints (generate and query_result), extraction of scode/auth_url, a wait for user confirmation, then polling and, on success, writing botId and secret into ~/.openclaw/openclaw.json and running `openclaw gateway restart`. The network calls are consistent with the stated purpose, but the file write and the service restart are system-altering actions that go beyond a simple OAuth flow and are not reflected in the skill metadata.
Install Mechanism
Instruction-only skill with no install spec and no code files, which is the lowest installation risk. The instructions assume that curl and the openclaw CLI are available, but nothing is downloaded or executed beyond the described commands.
Credentials
The skill requests no environment variables or credentials in its metadata, which is consistent with using an out-of-band authorization link. However, at runtime the skill stores the bot secret and botId in the user's OpenClaw config in plaintext and does not declare that it handles secrets. Writing credentials to ~/.openclaw/openclaw.json is sensitive and should be stated explicitly in the metadata.
Persistence & Privilege
`always: false` (good), but the skill instructs the agent to write persistent configuration and restart the system's OpenClaw gateway. Those are privileged, persistent actions that affect the agent's runtime and should be declared; the metadata indicates neither this level of privilege nor the config path involved.
What to consider before installing
This skill does what it says (creates an auth link with work.weixin.qq.com and binds a WeCom bot), but it will: (1) write botId and bot secret into your OpenClaw config file (~/.openclaw/openclaw.json) in plaintext, and (2) run `openclaw gateway restart`. Before installing or invoking it, verify:
• you trust the skill/source (no homepage or publisher info provided);
• you have curl and the openclaw CLI available and know what `openclaw gateway restart` does in your environment;
• you have backed up ~/.openclaw/openclaw.json so you can restore previous settings;
• you are comfortable with the bot secret being stored in that file (sensitive);
• the endpoints called (work.weixin.qq.com/ai/qc/...) are expected by your org.
Consider asking the publisher to update the metadata to declare the required config path(s) and to state explicitly that the skill will write secrets and restart the gateway. If you are unsure, perform the flow manually (run the generate/query endpoints yourself and update the config after verifying the outputs) rather than granting an automated agent permission to modify files and restart services.