v0.5.2

WeixinClawBot Send

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:23 AM.

Analysis

This skill appears coherent and purpose-aligned, but it can use your WeChat bot credentials to send messages and files, so you should confirm destinations and attachments.

Guidance: This skill is not showing malicious behavior in the provided artifacts. Before installing, make sure you trust the npm package and want your agent to send WeChat messages using your configured bot account. Be careful with prompts or automations that attach files, and confirm sensitive recipients or attachments before sending.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Note
src/cli.ts
.option("--to <userId>", "target user ID") ... .option("--file <path>", "file or URL to send")

The CLI intentionally allows the agent to choose a WeChat recipient and a local file or URL to send.

User impact: If invoked with the wrong recipient or file path, the agent could send unintended content over WeChat.
Recommendation: Use this skill only for intended WeChat sends, confirm sensitive file paths and recipients, and use dry-run for checks when appropriate.

Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
SKILL.md
- `npm install -g @claw-lab/wxclawbot-cli`

The documented setup installs a global npm CLI package, which is expected for this skill but still depends on package-source trust.

User impact: The installed npm package provides the executable the agent will run.
Recommendation: Install from the intended npm/GitHub source and consider pinning or verifying the package version in managed environments.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
SKILL.md
The CLI automatically discovers accounts from `~/.openclaw/openclaw-weixin/accounts/*.json`. Each file contains `token`, `baseUrl`, `userId`

The skill uses local WeChat bot credentials and account context to authenticate sending.

User impact: Installing and using the skill lets the agent act through the configured WeChat bot account.
Recommendation: Install only if you intend the agent to send through this WeChat bot, and protect the account files and WXCLAW_TOKEN environment variable.

Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium, Confidence: High, Status: Note
src/media.ts
const CDN_BASE_URL = "https://novac2c.cdn.weixin.qq.com/c2c"; ... body: new Uint8Array(ciphertext)

File attachments are uploaded to WeChat CDN as part of the documented send-file workflow.

User impact: Message contents and attachments leave the local machine and are sent through WeChat infrastructure.
Recommendation: Do not use the skill to send confidential files unless you are comfortable sharing them through the configured WeChat service.