v1.0.0

WeCom Conversation Configuration (企业微信对话配置)

Review

ClawScan verdict for this skill. Analyzed May 1, 2026, 8:06 AM.

Analysis

The skill is a coherent WeCom setup guide, but its default example opens the bot broadly while installing a networked plugin that handles a bot secret, so it should be reviewed before use.

Guidance: Before installing, verify the @wecom plugin publisher, protect the bot secret in ~/.openclaw/openclaw.json, and replace the open wildcard access settings with user or group allowlists unless you truly want broad WeCom access.

Findings (4)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Agentic Supply Chain Vulnerabilities
Severity: Low | Confidence: High | Status: Note
SKILL.md
openclaw plugins install @wecom/wecom-openclaw-plugin

The skill instructs the user to install an external plugin without a version pin. The plugin is central to the stated WeCom integration, but its code is not part of the provided artifact set, so this review could not inspect it.

User impact: Installing the plugin will add external code to the OpenClaw environment, and that code is expected to handle network connections and the bot secret.
Recommendation: Verify the plugin source and publisher before installing, prefer a pinned or reviewed version if available, and read any plugin security warning rather than dismissing it automatically.
Rogue Agents
Severity: Info | Confidence: High | Status: Note
SKILL.md
"wecom-openclaw-plugin": { "enabled": true } ... openclaw gateway restart

The plugin is configured to stay enabled through the OpenClaw gateway. Persistent operation is expected for a chat channel, but users should understand it remains active after setup.

User impact: The WeCom channel may continue accepting messages and generating replies until the plugin or channel is disabled.
Recommendation: Disable the WeCom channel or plugin when it is no longer needed, and periodically review the access-control settings.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Low | Confidence: High | Status: Note
SKILL.md
"botId": "<YOUR_BOT_ID>", "secret": "<YOUR_BOT_SECRET>"

The setup requires a WeCom bot credential in the OpenClaw configuration. This is purpose-aligned, but it is still a sensitive account secret.

User impact: Anyone who can read the OpenClaw config file may be able to obtain the bot secret and misuse or impersonate the WeCom bot.
Recommendation: Restrict ~/.openclaw/openclaw.json to your own user (mode 0600 on Unix-like systems), avoid sharing the file or screenshots of it, and rotate the bot secret in WeCom if it is exposed.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Insecure Inter-Agent Communication
Severity: Medium | Confidence: High | Status: Concern
SKILL.md
"dmPolicy": "open", "allowFrom": ["*"], "groupPolicy": "open"

The recommended initial configuration opens direct-message access with a wildcard and also opens group chat access, creating broad inbound message permissions for the WeCom channel.

User impact: People or groups you did not intend may be able to message the bot and receive OpenClaw responses, potentially consuming model credits or exposing replies in business chats.
Recommendation: Use pairing or allowlists by default, such as dmPolicy "allowlist" with specific user IDs and groupPolicy "allowlist" or "disabled", unless broad access is explicitly intended.
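A pre-flight check that covers both the secret-protection finding and the open-policy finding above. This is an added example written for this review, not OpenClaw, ClawScan or plugin code. It assumes only the keys quoted from SKILL.md (dmPolicy, allowFrom, groupPolicy, secret); the nesting under a "channels"/"wecom" object in the two constructed sample configs is an assumption, which is why the checker walks the whole JSON tree rather than a fixed path.

```python
"""Pre-flight audit of an OpenClaw config for a WeCom channel.

Added example (not OpenClaw or ClawScan code). Two checks:
  1. the config file must not be readable by group/others (bot secret lives in it)
  2. no "open" dmPolicy/groupPolicy and no "*" wildcard in allowFrom
The "channels"/"wecom" nesting in the samples below is assumed, not taken from the skill.
"""
import json
import os
import stat
import tempfile

# Constructed sample: the broad defaults the review flags (placeholders as in SKILL.md).
OPEN_CONFIG = {
    "wecom-openclaw-plugin": {"enabled": True},
    "channels": {
        "wecom": {
            "botId": "<YOUR_BOT_ID>",
            "secret": "<YOUR_BOT_SECRET>",
            "dmPolicy": "open",
            "allowFrom": ["*"],
            "groupPolicy": "open",
        }
    },
}

# Constructed sample: the same channel restricted to named users, groups disabled.
ALLOWLIST_CONFIG = {
    "wecom-openclaw-plugin": {"enabled": True},
    "channels": {
        "wecom": {
            "botId": "<YOUR_BOT_ID>",
            "secret": "<YOUR_BOT_SECRET>",
            "dmPolicy": "allowlist",
            "allowFrom": ["user-alice", "user-bob"],  # hypothetical WeCom user IDs
            "groupPolicy": "disabled",
        }
    },
}


def walk(obj, path=""):
    """Yield (path, key, value) for every key in a nested JSON structure."""
    if isinstance(obj, dict):
        for key, value in obj.items():
            yield path, key, value
            yield from walk(value, f"{path}/{key}")
    elif isinstance(obj, list):
        for i, value in enumerate(obj):
            yield from walk(value, f"{path}[{i}]")


def policy_findings(config):
    """Return one message per open inbound-access setting found anywhere in config."""
    findings = []
    for path, key, value in walk(config):
        where = f"{path}/{key}"
        if key in ("dmPolicy", "groupPolicy") and value == "open":
            findings.append(f"{where} is 'open'; use 'allowlist' or 'disabled'")
        elif key == "allowFrom" and isinstance(value, list) and "*" in value:
            findings.append(f"{where} contains wildcard '*'; list specific user IDs")
    return findings


def permission_findings(path):
    """Flag the file if any group/other permission bit is set (expect mode 0600)."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        return [f"{path} mode is {oct(mode)}; run: chmod 600 {path}"]
    return []


def check_config(path):
    """Run both checks against a config file on disk; empty list means clean."""
    with open(path) as f:
        config = json.load(f)
    return permission_findings(path) + policy_findings(config)


def audit_sample(config, mode):
    """Write a constructed config to a temp file with the given mode, audit it, clean up."""
    fd, path = tempfile.mkstemp(suffix=".json")
    with os.fdopen(fd, "w") as f:
        json.dump(config, f)
    os.chmod(path, mode)
    try:
        return check_config(path)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # The open config on a world-readable file yields four findings; the allowlist config on 0600 yields none.
    print("open/0644:", audit_sample(OPEN_CONFIG, 0o644))
    print("allowlist/0600:", audit_sample(ALLOWLIST_CONFIG, 0o600) or "clean")
```

Point check_config at ~/.openclaw/openclaw.json after following the skill's setup steps; a clean run means the secret file is private to your user and every WeCom policy the skill mentions is an allowlist or disabled.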