Wecom

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: wecom
Version: 1.0.3

The skill bundle provides a standard Model Context Protocol (MCP) server for sending text and markdown messages to WeCom (企业微信) via incoming webhooks. The implementation in src/index.ts and dist/index.js uses the axios library to perform POST requests to a user-defined WECOM_WEBHOOK_URL environment variable. The code logic is transparent, lacks any high-risk behaviors such as unauthorized data exfiltration or shell execution, and the documentation in SKILL.md and README.md is strictly aligned with the tool's stated purpose.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this tool can post messages into the configured WeCom group, which may be visible to coworkers or business contacts.

Why it was flagged

The MCP tool sends caller-provided content and mentions to the configured WeCom webhook. This is the skill's purpose, but it is an external posting action.

Skill content

await axios.post(
  WECOM_WEBHOOK_URL,
  {
    msgtype: "text",
    text: {
      content,
      mentioned_list: mentioned_list || [],
    },

Recommendation

Install only if you want the agent to post to that WeCom chat. Use MCP/client approval settings for sensitive messages and consider a dedicated low-risk WeCom bot or group.

What this means

Anyone who obtains the webhook URL may be able to send messages to the associated WeCom chat.

Why it was flagged

The webhook URL is required and functions as a posting credential for the WeCom bot. This is appropriate for the integration, but it should be protected.

Skill content

"WECOM_WEBHOOK_URL": {
  "description": "WeCom incoming webhook URL",
  "required": true
}

Recommendation

Treat WECOM_WEBHOOK_URL as a secret, store it only in trusted configuration, and rotate the webhook if it is exposed.

What this means

Installing or running the wrong npm package could execute code outside the reviewed artifact set.

Why it was flagged

The documentation allows installing or running an npm package. This is normal for a Node-based MCP server, but users should verify the package source, especially because the registry source/homepage are not supplied.

Skill content

# Install globally
npm install -g wecom-bot-mcp-server

# Or run directly with npx
npx wecom-bot-mcp-server

Recommendation

Prefer the reviewed local artifact and lockfile when possible, and verify the npm package name, publisher, and integrity before using global install or npx.