ClawHub

qywx-notify

A skill for sending notifications via WeChat Work.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 124 · 0 current installs · 0 all-time installs
by@yc-weichao
MIT-0
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (WeCom webhook notifications) align with the included files and behavior: index.js posts to a provided webhook URL and SKILL.md shows CLI and code usage. Dependencies (axios) are appropriate for HTTP calls.
Instruction Scope
SKILL.md instructions are in-scope (copy to ~/.openclaw/skills, run npm install, supply webhook URL). The code emits console logs of configuration and request payloads (it masks the webhook token path but still logs request data/content), which can expose message content or webhook tokens in local logs — consider this before using in environments where logs are collected.
Install Mechanism
No install spec in registry; SKILL.md asks the user to run npm install in the skill directory which will fetch axios from the public npm registry. This is expected for a Node skill but carries the usual npm supply-chain risks; the package.json lists only axios as a dependency.
Credentials
The skill requests no environment variables, credentials, or config paths. It only requires the webhook URL provided at runtime or via a configurable defaultWebhook — this is proportionate to the stated purpose.
Persistence & Privilege
Skill is not set to always:true and doesn't request elevated platform privileges. It stores its own configurable defaultWebhook in its config object according to SKILL.md; nothing indicates modification of other skills or global agent settings.
Assessment
This skill appears to do exactly what it says: POST messages to a WeCom webhook you supply. Before installing: (1) keep webhook URLs secret — anyone with the URL can post messages; (2) review or remove noisy console logging in index.js if you don't want message content or masked webhook paths appearing in agent logs; (3) run npm install in a controlled environment and consider auditing or pinning the axios dependency (supply-chain risk); (4) test with a throwaway webhook first to confirm behavior; and (5) if your system aggregates logs externally, ensure logs from this skill won't leak sensitive content. If you need higher assurance, review the full index.js file locally (it is short and readable) or run it in an isolated container.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.0
Download zip
latestvk97evp1h31rfc07dhyy4mh7kqn82pk81

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

WeCom Notification Skill

Overview

Send notifications to group chats via WeCom robot Webhook, supporting text, images (Markdown format), and Markdown rich text.

Quick Start

Installation

# Copy to OpenClaw Skills directory
cp -r qywx-notify ~/.openclaw/skills/

# Install dependencies
cd ~/.openclaw/skills/qywx-notify
npm install

Usage

# Send text notification
openclaw skill qywx-notify send \
  --webhook "your-webhook-url" \
  --content "Hello, this is a test notification"

# Send notification with image
openclaw skill qywx-notify send \
  --webhook "your-webhook-url" \
  --content "Please check the image" \
  --image "https://example.com/image.jpg"

# Send Markdown format notification
openclaw skill qywx-notify send \
  --webhook "your-webhook-url" \
  --content "## Important Notice\n\n- Project update\n- Meeting reminder" \
  --msgtype "markdown" \
  --title "Daily Briefing"

Features

  • ✅ Text notifications
  • ✅ Image notifications (Markdown format)
  • ✅ Markdown rich text
  • ✅ @all mention support
  • ✅ Automatic retry on failure
  • ✅ Complete error handling
  • ✅ Both CLI and code-based invocation

Webhook URL Format

https://{your-domain}/weai-core/v1/qywx/webhook-messages/bot/{bot-token}

2. Call in Code

const QywxNotifySkill = require('./index.js');
const skill = new QywxNotifySkill(config);

// Send notification
const result = await skill.send({
  webhook: "your-webhook-url",
  content: "System is running normally",
  image: "https://example.com/status.jpg",
  mentionAll: true
});

console.log(result);

3. Message Format Examples

Text message:

{
  "msgtype": "text",
  "text": {
    "content": "Hello, please check the image: ![image](https://example.com/image.jpg)",
    "mentioned_list": ["@all"]
  }
}

Markdown message:

{
  "msgtype": "markdown",
  "markdown": {
    "content": "# Important Notice\n\n- Project update\n- Meeting reminder\n\n![image](https://example.com/image.jpg)"
  }
}

Examples

Example 1: Send Simple Notification

openclaw skill qywx-notify send \
  --webhook "your-webhook-url" \
  --content "Maintenance Notice: System upgrade tonight from 20:00-22:00. Please save your work in advance."

Example 2: Send Notification with Image

openclaw skill qywx-notify send \
  --webhook "your-webhook-url" \
  --content "Monthly report has been generated, please review:" \
  --image "https://example.com/reports/202503/report.jpg" \
  --mentionAll true

Example 3: Send Markdown Format Notification

openclaw skill qywx-notify send \
  --webhook "your-webhook-url" \
  --content "## Project Progress\n\n✅ Completed:\n- Requirements analysis\n- Prototype design\n\n⏳ In progress:\n- Development\n\n📅 Next week plan:\n- Testing and acceptance" \
  --msgtype "markdown" \
  --title "Weekly Project Report"

Error Handling

Common Errors

  1. Invalid Webhook URL: Check if the URL format is correct
  2. Network connection failure: Check network connectivity and firewall settings
  3. Insufficient permissions: Check if the robot has permission to send messages
  4. Content too long: WeCom message content limit is 2048 characters

Error Response

{
  "success": false,
  "message": "Send failed: WeCom API error: invalid webhook url (code: 400)",
  "error": {
    "errcode": 400,
    "errmsg": "invalid webhook url"
  }
}

Testing

Test Connection

openclaw skill qywx-notify test --webhook "your-webhook-url"

View Configuration

openclaw skill qywx-notify config

Integration with Other Skills

Call from Python

import subprocess
import json

def send_qywx_notification(webhook, content, image=None):
    """Send WeCom notification"""
    cmd = ["openclaw", "skill", "qywx-notify", "send"]
    cmd.extend(["--webhook", webhook])
    cmd.extend(["--content", content])
    
    if image:
        cmd.extend(["--image", image])
    
    try:
        result = subprocess.run(cmd, capture_output=True, text=True, check=True)
        return json.loads(result.stdout)
    except subprocess.CalledProcessError as e:
        print(f"Send failed: {e.stderr}")
        return None

Security Considerations

  1. Protect Webhook URL: The Webhook URL contains sensitive information. Do not share it publicly.
  2. Access control: Set minimum required permissions for the robot.
  3. Content moderation: Avoid sending sensitive or inappropriate content.
  4. Rate limiting: Comply with WeCom's message sending rate limits.

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…