Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Weixin Connect
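v1.0.0
Connects personal WeChat (not Enterprise WeChat). Use this skill when the user says "connect personal WeChat", "integrate personal WeChat", "bind personal WeChat", or "personal WeChat QR scan". Note: if the user says "Enterprise WeChat" or "WeCom", this skill does not apply; use the wecom-connect skill instead. Once this skill is matched, the flow must be followed strictly to the end, with no skipped steps or improvisation.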
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description (connect personal WeChat) align with the actual actions: call ilink API for QR code, generate PNG, persist credentials under ~/.openclaw/openclaw-weixin, and restart the OpenClaw gateway. Installing an OpenClaw Weixin plugin and writing bot tokens to the OpenClaw account directory are coherent with the stated purpose.
Instruction Scope
The SKILL.md prescribes exact shell commands including remote API calls, npm/node usage, writing credential files, and restarting the gateway — all within the scope of connecting WeChat. However it mandates using an upload_to_cdn step (no alternative allowed) and explicitly forbids exposing the raw qrcode URL or using other upload methods. That enforced CDN upload plus the lack of detail about what 'upload_to_cdn' does is a potential exfiltration vector. The doc also forbids reading other docs and forbids deviations, which reduces transparency and auditability.
Install Mechanism
The skill is instruction-only (no packaged install), but the runtime instructions call npx to install @tencent-weixin/openclaw-weixin-cli and run npm installs in /tmp and node scripts. npx/npm will fetch and execute remote code at runtime (moderate risk). There is no pinned registry URL or checksum, and upload_to_cdn is an opaque action — the mechanism relies on external packages and unspecified upload behavior.
Credentials
The skill does not request unrelated environment variables or secrets. It does persist ilink_bot_id/bot_token/baseurl/ilink_user_id into files under the user's home directory, which is necessary for operation but means credentials will exist on disk; this is proportionate to the purpose but worth noting.
Persistence & Privilege
The skill does not request 'always' or other elevated policy flags. It writes credential files under ~/.openclaw/openclaw-weixin and restarts the OpenClaw gateway (openclaw gateway restart), which is a privileged action affecting the local agent runtime — appropriate for activation but something the user should consent to and audit.
What to consider before installing
This skill appears to legitimately implement a personal WeChat connect flow, but exercise caution before running it:
(1) Inspect the npm package @tencent-weixin/openclaw-weixin-cli (source repo, publisher, recent releases) before npx executes it — npx runs remote code.
(2) Ask where upload_to_cdn uploads images (which CDN, what account, privacy policy); the SKILL.md forces use of a CDN and forbids alternatives, so QR images (which grant login) could be exposed externally.
(3) Be aware the skill will write bot tokens to ~/.openclaw/openclaw-weixin/*.json and restart the gateway — ensure you trust the destination path and back up anything important.
(4) If you cannot verify the npm package or the CDN, do not run the instructions; request the skill author to provide source code, a trusted install URL (GitHub release), or an option to use a local-only upload method.
(5) Prefer testing in an isolated environment (VM or throwaway account) and validate the installed package contents before allowing it to run in your main account.
Like a lobster shell, security has layers — review code before you run it.
