WeixinClawBot Send
Review: audited by ClawScan on May 10, 2026.
Overview
The skill coherently does what it claims—let an agent send WeChat messages and attachments—but it uses stored WeChat bot credentials and can transmit files, so users should install it only if they want the agent to have that authority.
Install this skill if you want your agent to proactively message you on WeChat and send selected files. Before installing, confirm you trust the npm package/source, understand which WeChat bot account it will use, and set clear rules for when the agent may send messages or attachments.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The agent can send WeChat messages and files using the configured bot account, including to a non-default user ID if instructed.
The skill intentionally exposes a tool that can send WeChat messages and attachments to a chosen recipient. This is core to the stated purpose and disclosed, but it is a high-impact action if invoked with the wrong content or recipient.
Lets the agent proactively push messages to WeChat users, including text, images, videos, and files ... `--to <userId>` ... `--file <path>`
Use this only with trusted agents and prompts; prefer the default bound recipient when possible, use --dry-run for uncertain sends, and require explicit approval before sending sensitive files or messages.
Anyone who can cause the agent to use this skill may be able to send messages through the configured WeChat bot account.
The code resolves a WeChat bot token from an environment variable or OpenClaw account files and also reads context tokens for proactive push delivery. This is necessary for the integration but grants account-level messaging authority.
const envToken = process.env.WXCLAW_TOKEN?.trim(); ... const data = loadAccountData(targetId); ... token: data.token ... const contextTokens = loadContextTokens(targetId);
Keep the OpenClaw account directory private, install only on trusted machines, verify WXCLAW_BASE_URL if set, and rotate the bot token if misuse is suspected.
If the agent is told to attach the wrong file or URL, private data could be sent through WeChat/CDN to the selected recipient.
When sending attachments, the CLI reads the selected local file or URL content and uploads encrypted bytes to WeChat's CDN. This provider data flow is disclosed and purpose-aligned, but attached content leaves the local machine.
const CDN_BASE_URL = "https://novac2c.cdn.weixin.qq.com/c2c"; ... const data = fs.readFileSync(filePath); ... body: new Uint8Array(ciphertext)
Only attach files you intend to share, avoid secrets or broad paths, and confirm the recipient before allowing file sends.
Installing the package adds a local executable that can access the same files and environment available to the user running it.
The skill depends on installing a global npm CLI package. This is expected for the stated purpose and the provided source shows no suspicious static patterns, but users still need to trust the package provenance.
npm install -g @claw-lab/wxclawbot-cli
Install from the intended package/repository, keep it updated from a trusted source, and avoid installing on machines where the agent should not have WeChat messaging access.
