Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Weixin Send Media
v1.1.0 Weixin image/file sending skill - solves the contextToken persistence problem
by @linzmin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description match the implementation: the scripts and patch add disk persistence for contextToken so CLI and scripts can send media. The files, CLI examples, and install script all align with the stated goal.
Instruction Scope
Runtime instructions explicitly tell the installer to apply a patch to ~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts (a core gateway extension). Modifying core extension code is outside an ordinary skill's isolated scope and increases risk — the skill's own documentation admits it must patch internal functions.
Install Mechanism
No remote downloads or obscure URLs; installation uses a local install.sh that runs patch and creates directories. Using patch to change a core file is intrusive but the mechanism itself is transparent (patch file included in package).
Credentials
No external credentials are requested, which is appropriate, but the skill persists context tokens (sensitive authorization tokens) as plain JSON under ~/.openclaw/openclaw-weixin/context-tokens/. While the scripts recommend chmod 600 and install.sh sets the directory to 700, the tokens remain unencrypted and an export command can print the full token to stdout, which increases the risk of local token exposure or accidental exfiltration.
Persistence & Privilege
The skill modifies another component's source file (the openclaw-weixin gateway extension). This is a system-wide change beyond the skill's own directory and should be treated as elevated privilege; although a backup-and-restore path is provided, altering core behavior is significant and deserves review.
What to consider before installing
This skill does what it claims (enabling CLI/scripted Weixin media sends by persisting context tokens), but it patches OpenClaw's weixin gateway code and writes sensitive tokens to disk in plain JSON. Before installing:
(1) inspect the actual patch file (patches/inbound.ts.patch) line-by-line to ensure no unexpected behavior,
(2) back up ~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts (the installer does this, but verify the backup),
(3) consider running the install in a disposable environment (VM/container) first,
(4) if you accept installation, restrict token files (chmod 600) and consider adding encryption-at-rest or a more secure storage mechanism,
(5) review export-context-token.js to avoid accidentally printing full tokens to logs or stdout, and
(6) only install if you trust the author/repository; otherwise prefer an alternative solution that doesn't require patching core files.
If you want higher confidence, provide the exact inbound.ts.patch content for a focused audit.
scripts/send-file.js:72
Shell command execution detected (child_process).
scripts/send-image.js:74
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
