ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

OpenClaw WeChat Setup

v1.0.0

Install and connect the WeChat (微信) channel plugin for OpenClaw. Use when the user asks to set up WeChat, connect WeChat, install the WeChat plugin, scan WeC...

1· 282·1 current·1 all-time
byRong@kylinr
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
Name, description, and runtime steps all align: the SKILL.md explains how to install and enable an OpenClaw WeChat plugin and how to log in via QR. The commands and config paths referenced (openclaw CLI, plugin enablement, gateway restart, channels login) are appropriate for this purpose.
Instruction Scope
Instructions are narrowly scoped to installing the plugin, starting the QR login flow, verifying status, and optional configuration. They do not request unrelated files, system-wide credentials, or data exfiltration. They do assume the user will run commands in a terminal and may instruct inspection of OpenClaw's config and status, which is appropriate for this task.
Install Mechanism
Installation is performed by running 'npx -y @tencent-weixin/openclaw-weixin-cli@latest install'. This is a reasonable delivery mechanism for an npm-based CLI but has supply-chain considerations: npx fetches and executes a package from the npm registry (using the latest tag), which can run arbitrary install scripts. The skill itself contains no bundled code or vetted install spec.
Credentials
The skill declares no environment variables, credentials, or config paths. The operations it requests (running openclaw commands and scanning a QR from the mobile WeChat app) match the stated purpose and do not require additional secrets or unrelated access.
Persistence & Privilege
always is false and the skill is instruction-only. It does not request persistent elevated privileges, nor does it modify other skills or system-wide agent settings. Autonomous invocation is allowed by default but not specific to this skill and does not by itself create additional privileges.
Assessment
This skill appears to do what it says: it tells you to install a WeChat plugin for OpenClaw and to scan a QR to link an account. Before running the provided commands, consider these precautions: - Verify you have the openclaw CLI installed and working. - Inspect the npm package (https://www.npmjs.com/package/@tencent-weixin/openclaw-weixin-cli or the package's GitHub repo) before running npx, and prefer a pinned version rather than '@latest' if you want repeatability. - Be aware that npx executes code downloaded from the npm registry; run it in a trusted or isolated environment (not as root) if you have concerns. - After installation, check OpenClaw plugin settings and logs to confirm expected behavior and revoke access if unexpected activity occurs. - If you want higher assurance, obtain the plugin from an official OpenClaw or Tencent repository and validate its source code/maintainer identity before installing.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ecccwfh6zacmfn8vqq3x9j183dh6v

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

OpenClaw WeChat (微信) Plugin Setup

Install and connect WeChat as a messaging channel for OpenClaw.

Prerequisites

  • OpenClaw installed and running (openclaw CLI available)
  • A WeChat account on a mobile device for QR code scanning

Setup Workflow

Step 1: Install the plugin

npx -y @tencent-weixin/openclaw-weixin-cli@latest install

This command will:

  1. Detect the local OpenClaw installation
  2. Download and install the @tencent-weixin/openclaw-weixin plugin
  3. Enable the plugin in OpenClaw config
  4. Start the WeChat QR code login flow
  5. Display a terminal QR code for scanning

Step 2: Scan the QR code

The CLI prints an ASCII QR code in the terminal. The user must scan it with their WeChat mobile app to authorize the connection.

Important: The QR code renders correctly only in a monospace terminal. It will appear garbled in chat interfaces (webchat, Feishu, etc.) due to proportional fonts. If the user cannot see the QR code clearly:

  • Instruct them to run the command directly in their terminal (Terminal.app, iTerm2, etc.)
  • Or use openclaw channels login --channel openclaw-weixin after plugin is installed

Step 3: Verify connection

After scanning, verify the connection:

openclaw status 2>/dev/null | grep -i "openclaw-weixin"

Expected output should show openclaw-weixin │ ON │ OK.

Step 4: Restart gateway (if needed)

If the plugin was installed but the gateway wasn't restarted:

openclaw gateway restart

Adding More WeChat Accounts

openclaw channels login --channel openclaw-weixin

Each scan creates a new account entry. Multiple WeChat accounts can be online simultaneously.

Context Isolation (Optional)

To isolate conversation context per WeChat account:

openclaw config set agents.mode per-channel-per-peer

Troubleshooting

IssueSolution
QR code garbled in chatRun the command in a real terminal
QR code expiredRe-run openclaw channels login --channel openclaw-weixin
Plugin not loadingCheck openclaw status, ensure plugins.entries.openclaw-weixin.enabled is true
"No install record" warningNon-critical; plugin still functions if files exist locally
Connection droppedRe-run login command to re-authenticate

Files

1 total
Select a file
Select a file to preview.

Comments

Loading comments…