Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wechat_messaging

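Query a friend through WeChat and, after confirmation, send a text message to the specified friend. Supports selecting among multiple friends and a send-confirmation flow.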

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 185 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The stated purpose (query contacts and send WeChat text messages) aligns with the described API calls (queryFriend, sendText). However the registry metadata declares no required environment variables while SKILL.md uses WECHAT_APPID (and even provides a concrete value). That mismatch is incoherent and should be resolved.
! Instruction Scope
Instructions direct the agent to call an external endpoint (base URL set to https://192.168.29.1:8080) and to use an appid value embedded in the SKILL.md. The flow itself (query then confirm then send) is scoped to messaging, but the hardcoded appid and the use of an IP-address endpoint (likely an internal host) are risky: the agent will send user-supplied message content and contact identifiers to that endpoint. There are no directives to authenticate beyond the appid, and no safeguards about what data to transmit.
Install Mechanism
Instruction-only skill with no install spec or code files. This minimizes disk write/execution risk; no installers or external packages are pulled.
! Credentials
The registry advertised no required env vars, yet SKILL.md references WECHAT_APPID (and populates it with a concrete value). Hardcoding what appears to be an application credential in SKILL.md is inappropriate for a public skill and suggests either sloppy packaging or unintended exposure of a secret. The endpoint also implies the skill expects a reachable service that is not declared.
Persistence & Privilege
Skill does not request always:true and is user-invocable only. It does not claim to modify other skills or system settings. Autonomous invocation is permitted (platform default) but there are no extra persistence privileges requested.
Scan Findings in Context
[no_code_files_or_scannable_content] expected: The regex scanner had nothing to analyze because this is an instruction-only skill (SKILL.md only). This is expected for an instruction-only integration, but it means behavioral risks come entirely from the SKILL.md content.
What to consider before installing
Do not install blindly. Verify with the author or maintainer: (1) why the registry lists no required env vars while SKILL.md uses WECHAT_APPID; ask them to declare and document required credentials rather than embedding them; (2) confirm the intended API base URL — the file currently points at 192.168.29.1 (an internal IP) which could cause the agent to talk to an untrusted local service; replace with a trusted HTTPS domain; (3) never use the skill with sensitive messages until you trust the endpoint and credential handling; (4) ask for code or an audited implementation if you need to run this in production. Because the skill will transmit message content and contact identifiers to the configured endpoint, treat the endpoint and credentials as sensitive and validate them out-of-band before use.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.0
latestvk973gshkq5wg7cvxradfb9xmqh82kzzf

SKILL.md

name: wechat_messaging
description: Send messages to friends via WeChat. Flow: query friend -> confirm target -> send content.

Enter your API base domain here, for example http://api.example.com

endpoint: https://192.168.29.1:8080
env:
  WECHAT_APPID: wx_KcD1dMEn7KidBemwN2lVh

WeChat Messaging Assistant Skill Description

Tool 1: Query friend (queryFriend)

  • Path: GET /aiTest/queryFriend
  • Parameters:
    • appid: {{env.WECHAT_APPID}}
    • name: the friend name supplied by the user

Tool 2: Send message (sendText)

  • Path: POST /aiTest/sendText
  • Parameters:
    • appid: {{env.WECHAT_APPID}}
    • contact: the target friend's wxId (obtained from queryFriend)
    • content: the text content

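Mandatory logic flow

  1. On receiving a request to send a message, queryFriend must be executed first.
  2. If multiple friends are returned, show the list and let the user choose.
  3. If one friend is returned, tell the user and ask "Confirm sending?".
  4. Only after confirmation is received, execute sendText.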

Files

1 total