ClawHub

WeChat Sender by dxx

v1.0.0

通过OpenClaw微信通道主动发送文字、图片和文件消息,支持单发、定时和批量推送,需联系人已存在聊天记录。

0· 50·0 current·0 all-time
by@ntaffffff
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description describe sending messages via the OpenClaw weixin channel; the scripts implement a local HTTP client to POST to the documented local Gateway API and include contact management and authorization helpers — all coherent with the stated purpose.
Instruction Scope
SKILL.md and scripts only reference a local OpenClaw Gateway (127.0.0.1:18789) and local files. send_message.py will read any file path provided, base64-encode it, and include it in the outgoing payload — this is expected for file sending but also enables sending arbitrary local file contents to the Gateway. auth_helper enforces a local consent flow (writes .auth.json) but does not prevent programmatic use if the user or environment grants authorization.
Install Mechanism
No install spec; the skill is instruction/code-only and does not fetch remote artifacts or run installers. Files are plain Python scripts and docs. This minimizes install-time risk.
Credentials
The skill declares no environment variables or external credentials (proportionate). It does create and read local files (.auth.json and .contacts.json) in the project parent directory to track authorization and contacts — expected for this functionality but worth noting if you run the skill from a shared directory.
Persistence & Privilege
always is false and the skill does not request platform-wide privileges or modify other skills. It persists only its own local state files and does not attempt to enable itself or change system-wide settings.
Assessment
This skill appears to do what it claims: send WeChat messages via a local OpenClaw Gateway. Before installing, confirm you trust the OpenClaw Gateway at 127.0.0.1:18789 and the environment where the agent runs. Be aware that the file-send feature will read any local file path you provide and include its base64 content in the request — which is necessary for attachments but could be used to transmit sensitive local files if misused. Keep .auth.json and .contacts.json in a safe location, ensure you grant explicit authorization for bulk or automated sends, and avoid running the skill in environments where untrusted code or users could call it to exfiltrate data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ff5ggwgh5h27e7j47zvzs8584eq49messagingvk97ff5ggwgh5h27e7j47zvzs8584eq49notificationvk97ff5ggwgh5h27e7j47zvzs8584eq49wechatvk97ff5ggwgh5h27e7j47zvzs8584eq49

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments