WeChat Work OpenClaw Adapter

Security checks across malware telemetry and agentic risk

Overview

This looks like a real WeCom-to-OpenClaw messaging bridge, but it handles business chat contents and secrets with too little scoping and disclosure.

Install only if you intentionally want WeCom messages processed by OpenClaw and have organizational approval. Restrict which users or chats are routed, store secrets outside source control with tight permissions, rotate leaked credentials, and require clear admin/user disclosure before enabling the webhook.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The document explicitly states earlier that APP_SECRET and EncodingAESKey are different values, but the environment variable section labels AGENT_SECRET as the EncodingAESKey. This contradiction can cause operators to configure the wrong secret for cryptographic operations or API authentication, leading to failed verification, broken encryption handling, and potentially unsafe ad-hoc workarounds that disable or weaken message validation.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide tells users to place multiple high-value secrets into a local .env file but does not include any handling guidance such as restricting file permissions, excluding the file from version control, or using a secret manager. In a setup guide for an internet-exposed messaging adapter, this increases the chance of accidental credential leakage through commits, backups, logs, screenshots, or shared home directories, which could enable API abuse or message forgery if the secrets are exposed.

Missing User Warnings

Medium
Confidence: 85%
Finding
The code forwards inbound WeCom message content directly to an external OpenClaw service, which is a real privacy and data-governance risk when messages may contain sensitive employee or business information. In this skill's context, exfiltration to a third-party AI backend is the core feature, so the issue is not malicious code execution but insufficient consent, disclosure, and data-minimization controls around sensitive message handling.

VirusTotal

66/66 vendors flagged this skill as clean.
