Wecom
Pass
Audited by ClawScan on May 10, 2026.
Overview
This appears to be a straightforward WeCom message-sending MCP skill, but its webhook URL can post to your workplace chat and should be treated as a secret.
This skill is reasonable if you want your agent to send messages to a specific WeCom group. Before installing, make sure the webhook belongs to the intended chat, keep the URL secret, use confirmation for sensitive or public-facing messages, and install dependencies only from a source you trust.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this tool can post messages into the configured WeCom group, which may be visible to coworkers or business contacts.
The MCP tool sends caller-provided content and mentions to the configured WeCom webhook. This is the skill's purpose, but it is an external posting action.
    await axios.post(
      WECOM_WEBHOOK_URL,
      {
        msgtype: "text",
        text: {
          content,
          mentioned_list: mentioned_list || [],
        },
Install only if you want the agent to post to that WeCom chat. Use MCP/client approval settings for sensitive messages and consider a dedicated low-risk WeCom bot or group.
Anyone who obtains the webhook URL may be able to send messages to the associated WeCom chat.
The webhook URL is required and functions as a posting credential for the WeCom bot. This is appropriate for the integration, but it should be protected.
    "WECOM_WEBHOOK_URL": {
      "description": "WeCom incoming webhook URL",
      "required": true
    }
Treat WECOM_WEBHOOK_URL as a secret, store it only in trusted configuration, and rotate the webhook if it is exposed.
Installing or running the wrong npm package could execute code outside the reviewed artifact set.
The documentation allows installing or running an npm package. This is normal for a Node-based MCP server, but users should verify the package source, especially because the registry source/homepage are not supplied.
    # Install globally
    npm install -g wecom-bot-mcp-server
    # Or run directly with npx
    npx wecom-bot-mcp-server
Prefer the reviewed local artifact and lockfile when possible, and verify the npm package name, publisher, and integrity before using global install or npx.
