Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
mmxagent-skill-wecom
v1.0.0连接企业微信。调用 generate 接口获取授权链接,用户把链接发到企业微信聊天里点开完成授权。用户提到连接企业微信、接入企微、绑定企微机器人、创建企微机器人、扫码绑定企微时使用。
⭐ 0· 31·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The skill's name/description (connect WeCom) align with the runtime behavior (call generate → give user auth_url → poll → store botId/secret). However the manifest declares no required binaries or config paths while the instructions clearly expect network access, curl (or equivalent HTTP client), an 'openclaw' CLI, and write access to ~/.openclaw/openclaw.json. The omission in metadata is inconsistent with the actual capability.
Instruction Scope
SKILL.md prescribes concrete network calls to work.weixin.qq.com, extracting scode/auth_url, handing the auth_url to the user, polling for results, writing credentials into ~/.openclaw/openclaw.json, and running 'openclaw gateway restart'. These steps are within the advertised purpose but the instructions instruct modifying a user config file and restarting the gateway — operations with side effects that should have been declared and exposed to user consent. The file path and restart step are not listed in the skill's declared requirements.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so it does not download or install third-party code. That lowers installation risk. The runtime still expects local tools and network access, which are not installed by the skill.
Credentials
The skill does not request environment variables or external credentials in metadata, and it does not exfiltrate arbitrary env vars in the instructions. It will, however, obtain and store botId/secret from the WeCom flow into the user's OpenClaw config — this is proportional to the feature but is a sensitive write operation that the skill did not declare. No other unrelated credentials are requested.
Persistence & Privilege
always:false (good). The skill instructs writing persistent credentials into ~/.openclaw/openclaw.json and restarting the gateway, which grants it the ability to alter the agent's configuration and operational state. That behavior can be legitimate for an integration, but users should explicitly consent and be aware. The skill does not try to modify other skills or system-wide settings beyond its own config, per instructions.
What to consider before installing
This skill appears to do what it claims (set up a WeCom bot) but the package metadata is incomplete. Before installing: 1) Confirm you trust requests to https://work.weixin.qq.com/ai/qc/* and that those endpoints are legitimate for your environment. 2) Ensure you have an HTTP client (curl or equivalent) and the 'openclaw' CLI available — the skill assumes these but doesn't declare them. 3) Back up ~/.openclaw/openclaw.json and be prepared that the skill will write botId/secret into that file and run 'openclaw gateway restart'. 4) If you need stricter control, ask the skill author to update metadata to declare required binaries and the config path, or run the flow manually (call generate, paste auth_url, then perform the polling and config write yourself) so you can review and approve the exact changes. If you cannot verify the endpoints or do not want automated writes/restarts, treat this as untrusted and perform the integration manually.Like a lobster shell, security has layers — review code before you run it.
latestvk97edy3nejxf1xxhybrx4f5d7d842tx0
License
MIT-0
Free to use, modify, and redistribute. No attribution required.