WeChat Work OpenClaw Adapter

v1.0.0

Integrate WeChat Work (Enterprise WeChat) with OpenClaw for intelligent messaging. Enables receiving messages from WeChat Work, processing them with Claude A...

⭐ 0· 622·2 current·2 all-time

by@richagain

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for richagain/wecom-openclaw.

Previewing Install & Setup.

Prompt PreviewInstall & Setup

Install the skill "WeChat Work OpenClaw Adapter" (richagain/wecom-openclaw) from ClawHub.
Skill page: https://clawhub.ai/richagain/wecom-openclaw
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wecom-openclaw

ClawHub CLI

Package manager switcher

npx clawhub@latest install wecom-openclaw

Security Scan

VirusTotal

Benign

View report →

OpenClaw

Suspicious

high confidence

Purpose & Capability

The skill's code, SKILL.md, and scripts all implement a WeChat Work adapter that calls OpenClaw and therefore legitimately requires WeChat credentials and an OpenClaw token. However the registry metadata claims 'no required env vars' while the SKILL.md and scripts require CORP_ID, AGENT_ID, AGENT_SECRET, APP_SECRET, WEBHOOK_TOKEN and OPENCLAW_TOKEN. That metadata mismatch is an incoherence that could mislead users about sensitive requirements.

Instruction Scope

SKILL.md gives concrete, appropriate runtime instructions (deploy, edit .env, run, expose tunnel). The code follows that workflow. Concerns: the code logs the GET echostr and signature values (which may include sensitive encrypted payload), the security-guide recommends content filtering and log sanitization but the runtime path does not apply the suggested filterSensitiveContent function to AI replies, and getAccessToken falls back to AGENT_SECRET if APP_SECRET is missing (mixing encryption key and app secret). These gaps increase risk of accidental leakage or misconfiguration.

✓

Install Mechanism

No remote download/install from untrusted URLs. The provided deploy.sh copies files to a user directory and runs 'npm install', which pulls normal npm dependencies. This is standard for a Node.js adapter and does not in itself indicate an elevated supply-chain risk beyond typical npm dependencies.

Credentials

The environment variables the code requires (WeChat CorpID/AgentID/EncodingAESKey/AppSecret/Webhook token and OPENCLAW_TOKEN) are appropriate for the adapter's function. However the registry metadata lists none required (incoherent). Also the code writes logs that may contain sensitive values and the OpenClaw token is sent as a Bearer header — make sure that token is scoped and rotated. The fallback to use AGENT_SECRET in getAccessToken is unexpected and could reveal misuse of keys.

✓

Persistence & Privilege

The skill does not request elevated platform privileges or 'always' inclusion. It installs files under a user directory, creates a logs folder, and runs as a normal user service. That level of persistence and privilege is expected for this adapter.

What to consider before installing

This adapter largely does what it claims (WeChat Work ↔ OpenClaw) but there are a few red flags you should consider before installing: - The registry metadata incorrectly states 'no required env vars' while the code requires multiple sensitive secrets (CORP_ID, AGENT_ID, AGENT_SECRET, APP_SECRET, WEBHOOK_TOKEN, OPENCLAW_TOKEN). Treat this as an inconsistency and verify the source/trustworthiness of the package before supplying credentials. - Inspect and (if you plan to run it) modify the code to ensure it does not log sensitive fields. The GET /webhook handler currently logs echostr and signatures; remove or sanitize such logs. - The security guide suggests filtering AI replies, but the runtime does not apply a filter before sending replies. Add filtering (or validate replies) to avoid accidental disclosure of secrets in responses. - getAccessToken falls back to AGENT_SECRET if APP_SECRET is missing — that is suspicious/incorrect behavior; ensure you set APP_SECRET correctly and consider changing the code to fail instead of using the wrong key. - The deploy instructions use cloudflared quick tunnels for convenience — do not use quick tunnels in production; prefer a stable named tunnel or proper hosting and add your server IP to WeChat Work’s trusted list as required. - Run this adapter in an isolated environment (dedicated user, limited network egress, local firewall rules), avoid exposing OpenClaw/API tokens broadly, and rotate credentials after testing. If you don't trust the publisher or cannot audit the code yourself, do not install or provide any production credentials. If you proceed, apply the logging sanitization and reply-filtering changes, and verify APP_SECRET behavior before putting it into production.

✗

scripts/index.js:21

Environment variable access combined with network send.

Patterns worth reviewing

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ajwm1kkxfagn62jtrk1rfvd82tdz9

622downloads

0stars

1versions

Updated 15h ago

v1.0.0

MIT-0

WeChat Work → OpenClaw Adapter

Quick Start

# 1. Deploy
bash <skill_dir>/scripts/deploy.sh

# 2. Edit .env with your WeChat Work credentials
nano ~/wecom-adapter/.env

# 3. Start
cd ~/wecom-adapter && npm start

# 4. Expose publicly
cloudflared tunnel --url http://localhost:8090

# 5. Copy tunnel URL → WeChat Work admin → webhook URL

Architecture

WeChat Work → HTTPS → Cloudflare Tunnel → Node.js Adapter (8090)
                                              ├─ Verify msg_signature (SHA1)
                                              ├─ Decrypt message (AES-256-CBC)
                                              ├─ Return "success" within 5s
                                              └─ Async: call OpenClaw → send reply via WeCom API

Key: Adapter returns success immediately, then sends AI reply asynchronously via WeChat Work's message/send API. This avoids the 5-second timeout.

⚠️ Critical Gotchas (Learned the Hard Way)

1. Parameter name is `msg_signature`, NOT `signature`

WeChat Work sends ?msg_signature=xxx, not ?signature=xxx. Reading req.query.signature will always be undefined.

2. Signature must include echostr/encrypt

GET verification: SHA1(sort([token, timestamp, nonce, echostr])) POST messages: SHA1(sort([token, timestamp, nonce, encrypt]))

NOT SHA1(sort([token, timestamp, nonce])) — the encrypted payload MUST participate in the signature.

3. echostr must be DECRYPTED before returning

WeChat Work sends an AES-encrypted echostr. You must:

Verify msg_signature
AES-256-CBC decrypt the echostr
Strip PKCS#7 padding
Extract message from format: 16-byte random + 4-byte length (BE) + message + CorpID
Return the decrypted message (not the raw echostr)

4. APP_SECRET ≠ EncodingAESKey

APP_SECRET (应用密钥): Used to get access_token for sending messages
AGENT_SECRET / EncodingAESKey: Used for AES encryption/decryption
These are TWO DIFFERENT keys from the WeChat Work console

5. Express body parser must accept multiple Content-Types

WeChat Work may send XML as text/xml, application/xml, or other types:

app.use(express.text({ type: ['application/xml', 'text/xml', 'text/plain', '*/*'] }));

6. Async reply pattern is mandatory

WeChat Work requires response within 5 seconds. AI responses take 5-30s. Solution:

Return res.status(200).send('success') immediately
Call OpenClaw asynchronously
Send reply via POST /cgi-bin/message/send?access_token=xxx

7. IP whitelist required for sending messages

WeChat Work API (qyapi.weixin.qq.com) requires your server's public IP in the app's trusted IP list. Error 60020 means IP not whitelisted.

8. Enterprise verification required

⚠️ Unverified enterprises risk account suspension. WeChat may ban accounts that use API automation without proper enterprise verification. Complete verification before production use.

9. Cloudflare quick tunnels are unstable

Quick (account-less) tunnels generate new URLs on restart and may disconnect unexpectedly. For production, use Named Tunnels ($7/mo) or a static IP.

Environment Variables

CORP_ID=ww...              # From WeChat Work admin
AGENT_ID=1000003           # Application agent ID
AGENT_SECRET=xxx           # EncodingAESKey (43-char Base64, for encryption)
APP_SECRET=xxx             # Application Secret (for access_token)
WEBHOOK_TOKEN=xxx          # Token configured in webhook settings
OPENCLAW_TOKEN=xxx         # OpenClaw gateway bearer token
OPENCLAW_BASE_URL=http://localhost:18789  # OpenClaw gateway URL
CLAUDE_MODEL=claude-haiku-4-5             # AI model

Files

scripts/deploy.sh — One-command deployment
scripts/index.js — Production-ready adapter (all fixes applied)
references/setup-guide.md — Step-by-step WeChat Work configuration
references/security-guide.md — Security architecture and hardening

Troubleshooting

Symptom	Cause	Fix
`signature=undefined`	Using `req.query.signature`	Use `req.query.msg_signature`
Signature mismatch	echostr/encrypt not in calculation	Include 4th element in sort array
`-30065` error	Returning encrypted echostr	Decrypt before returning
`bad decrypt`	Wrong key or `setAutoPadding(true)`	Use `setAutoPadding(false)` + manual PKCS#7
`body长度=undefined`	Body parser doesn't match Content-Type	Accept `/` in express.text()
`60020` IP error	Server IP not whitelisted	Add public IP in WeChat Work console
Timeout	5s limit exceeded	Use async pattern: return success, send via API
Account banned	Unverified + automated messages	Verify enterprise first

Comments

Loading comments...