Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat ClawBot Plugin Installation

v5.0.1

Install and connect the WeChat ClawBot (微信ClawBot) channel plugin for OpenClaw. Patches qrcode-terminal to output scannable image URLs instead of ASCII QR co...

by skyfox @shaojiankui
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Pending
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description, SKILL.md, and the included script all align: they install/connect the openclaw-weixin plugin and patch qrcode-terminal to emit an image URL. The hard-coded filesystem paths (/home/node/.openclaw/...) and the expectation of Node/npm are consistent with the stated task, but the script assumes a specific install location and user (node) which may not match every deployment.
! Instruction Scope
SKILL.md instructs editing plugin internals (node_modules main.js) via sed and restarting/reloading the gateway (kill -USR1 $(pgrep -f openclaw-gateway)). Those actions are within scope for a plugin patch but grant the skill authority to modify code on disk and signal processes. More importantly, the patch replaces ASCII QR output with a URL that encodes the QR data and points to an external service — this transmits the QR payload (likely containing authentication tokens/URLs) outside the host, which is beyond the minimal scope of 'make QR scannable'.
Install Mechanism
There is no automated install spec; the skill is instruction-only and provides a shell script. No remote code download occurs as part of the script itself. The risk is limited to editing local plugin files (sed/backup). However, the implementation chooses a remote QR generation API instead of a local image generation approach, which introduces network/privacy risk at runtime rather than during installation.
! Credentials
The skill requests no credentials or env vars, and references only local plugin/config/state paths (which is reasonable). The proportionality concern is network/third-party exposure: the patch builds a URL to https://api.qrserver.com/v1/create-qr-code/?... and encodes the QR payload into the query string, thereby leaking potentially sensitive QR contents (login tokens, account links) to an external service unrelated to OpenClaw or Tencent. This is not justified by the stated purpose and is avoidable (local QR rendering or self-hosted generator would be better).
Persistence & Privilege
always:false and no special platform privileges. The script modifies a third-party plugin file (node_modules) and creates a .bak file; this is a local persistent change but limited to the plugin. The SKILL.md warns the patch will be lost on plugin updates. The use of kill to signal openclaw-gateway is a normal reload technique but does affect running processes.
Scan Findings in Context
[external-qr-api-url] unexpected: The script and SKILL.md contain a hard-coded external URL (https://api.qrserver.com/v1/create-qr-code/). While an external image link can make scanning easier, it causes the QR payload to be transmitted to a third-party service and is not necessary for the stated purpose (could be generated locally).
What to consider before installing
This skill appears to perform the advertised WeChat plugin install and patch, but it modifies plugin files and sends the QR payload to a public QR image service (api.qrserver.com). That QR data often contains authentication/state tokens — sending it to a third party can leak access. Before installing: (1) review the plugin package (@tencent-weixin/openclaw-weixin-cli) source and confirm you trust it; (2) prefer a local QR generation approach (e.g., a local Node QR library or self-hosted QR service) instead of api.qrserver.com; (3) back up the original main.js (the script already makes a .bak), and test in an isolated environment; (4) be cautious when running the kill/pgrep commands — ensure they target the intended process; (5) if you must use this patch, understand it will be overwritten on plugin updates and that you are intentionally sending QR contents to an external domain. If you want, I can suggest a variant of the patch that generates the QR image locally to avoid leaking QR data.
