Skill v1.0.1
ClawScan security
qywx-msg-sender · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Benign · Mar 19, 2026, 7:55 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The scripts implement exactly what the skill claims (sending messages to Enterprise WeChat group bots via webhook); nothing in the code or instructions accesses unrelated services or secrets, though webhook URLs (which include keys) are stored locally in an unencrypted registry file.
- Guidance
- This skill appears coherent and does what it says: send messages to Enterprise WeChat group bots. Before installing or running: (1) confirm you trust the webhook URLs you register; the key query parameter in each URL is the only credential needed to post into that group, so anyone who can read the URL can post as the bot; (2) restrict the registry file (~/.wecom/chat_registry.json) to its owner (mode 0600, with ~/.wecom itself 0700) because it stores webhook URLs in plaintext; (3) be aware that sending a file or image uploads its contents to WeCom (the upload endpoint is qyapi.weixin.qq.com); (4) review the scripts yourself before running them in sensitive environments (they are simple shell scripts, but they will read any file path you pass); (5) ensure curl and jq come from trusted system packages. If you need stronger secrecy for webhook keys, avoid storing them in the registry, or store them encrypted and modify the scripts accordingly.
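The guidance items (1) and (2), and the Credentials note in the Review Dimensions, come down to three checks a wrapper around the skill's register step should make before a webhook URL lands in the registry. The script below is an added example written for this page; it is not code from the qywx-msg-sender skill or from ClawHub. It assumes only what the scan states: the registry defaults to ~/.wecom/chat_registry.json and is overridable through WECOM_REGISTRY_FILE, the WeCom endpoint host is qyapi.weixin.qq.com, and the secret travels in the key= query parameter. All function names and the sample key value are this example's own, and the registry is merely created here, not merged with jq.

```bash
#!/usr/bin/env bash
# Added example (not part of the qywx-msg-sender skill): the checks the scan's
# guidance asks for around a WeCom webhook registry.
# Assumptions, taken from the scan text: registry at ~/.wecom/chat_registry.json
# unless WECOM_REGISTRY_FILE overrides it; webhook host qyapi.weixin.qq.com;
# secret carried in the key= query parameter.
set -eu

WECOM_HOST="qyapi.weixin.qq.com"

# 0 if the URL is an https webhook on the exact WeCom host with a key= param,
# 1 otherwise. The slash after the host in the pattern stops look-alike hosts
# such as qyapi.weixin.qq.com.attacker.example from matching.
wecom_url_ok() {
  local url=$1
  case "$url" in
    "https://$WECOM_HOST/"*) ;;
    *) return 1 ;;
  esac
  case "$url" in
    *"?key="*|*"&key="*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the URL with the key value replaced, safe for logs and error messages.
wecom_redact() {
  printf '%s\n' "$1" | sed -E 's/([?&]key=)[^&]*/\1REDACTED/'
}

# Resolve the registry path the way the scan describes the skill doing it.
wecom_registry_path() {
  printf '%s\n' "${WECOM_REGISTRY_FILE:-$HOME/.wecom/chat_registry.json}"
}

# Create the registry directory and file under umask 077 so they are never
# group- or world-readable, not even between creation and chmod. Pre-existing
# paths are tightened to 0700 (directory) and 0600 (file).
wecom_registry_init() {
  local file dir
  file=$(wecom_registry_path)
  dir=$(dirname "$file")
  (
    umask 077
    mkdir -p "$dir"
    chmod 700 "$dir"
    [ -f "$file" ] || printf '{}\n' > "$file"
    chmod 600 "$file"
  )
}

# 0 if the registry is a regular file readable and writable by its owner only.
# Compares the mode string from ls, which reads the same on GNU and BSD.
wecom_registry_private() {
  local file=$1 mode
  [ -f "$file" ] || return 1
  mode=$(ls -ld "$file" | cut -c1-10)
  [ "$mode" = "-rw-------" ]
}

# Gate to run before the skill's register step: refuse a URL that is not a
# WeCom webhook, make sure the registry is private, and never echo the key.
wecom_register_precheck() {
  local name=$1 url=$2 file
  file=$(wecom_registry_path)
  if ! wecom_url_ok "$url"; then
    echo "refusing to register '$name': not a WeCom webhook: $(wecom_redact "$url")" >&2
    return 1
  fi
  wecom_registry_init
  if ! wecom_registry_private "$file"; then
    echo "refusing to register '$name': $file is readable by others" >&2
    return 1
  fi
  echo "ok to register '$name' -> $(wecom_redact "$url")"
}
```

The host check deliberately matches `https://qyapi.weixin.qq.com/` with the trailing slash rather than a substring, and the permission check is done after init rather than trusted, so a filesystem that silently ignores mode bits still produces a refusal instead of a plaintext key that everyone on the box can read.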
Review Dimensions
- Purpose & Capability
- ok: The name/description (WeCom group webhook sender) matches the implementation: bash scripts to send text, markdown, images, and files, and to manage a local registry of named webhooks. Declared runtime dependencies (curl, jq) are appropriate and used by the scripts.
- Instruction Scope
- ok: SKILL.md and the scripts confine actions to expected behavior: parsing args, reading/writing a local registry (~/.wecom/chat_registry.json by default), reading user-provided files (images/files/messages), and posting to the WeCom webhook endpoints. The scripts do not access unrelated system credentials or external endpoints beyond the WeCom API and the user-supplied webhook URLs.
- Install Mechanism
- ok: No install spec is provided; this is an instruction + script bundle. No external downloads or archive extraction occur. Scripts are plain shell; risk is limited to running those scripts locally.
- Credentials
- note: The skill does not require unrelated credentials. It optionally reads WECOM_WEBHOOK_URL, WECOM_CHATID and WECOM_REGISTRY_FILE, all proportional to its purpose. Important: registered webhook URLs (which include the secret 'key' query parameter) are stored in plaintext in the registry file (~/.wecom/chat_registry.json by default), so the registry effectively holds secrets and should be protected accordingly.
- Persistence & Privilege
- note: The scripts persist a registry file under the user's home directory and modify it (register/unregister). always:false and autonomous invocation defaults are unchanged. The skill does not request system-wide changes or modify other skills' configurations.
