Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

通过微信控制openclaw (Control OpenClaw through WeChat)

v1.0.0

Provides, inside OpenClaw, a WeChat callback entry point, session routing for private and group chats, message sending, and an image-recognition entry point.

0 stars · 228 downloads · 0 current · 0 all-time
by wechatapi (@wechat-ipad-api)

Install

Install with OpenClaw (prompt flow)

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for wechat-ipad-api/wechat-gateway.

Install & Setup prompt:

Install the skill "通过微信控制openclaw" (wechat-ipad-api/wechat-gateway) from ClawHub.
Skill page: https://clawhub.ai/wechat-ipad-api/wechat-gateway
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Required env vars: WX_API_TOKEN, PUBLIC_URL
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Install from the command line

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI (bare skill slug):

openclaw skills install wechat-gateway

ClawHub CLI (via npx):

npx clawhub@latest install wechat-gateway
Security Scan

VirusTotal: Suspicious
OpenClaw scanner: Benign (medium confidence)
Purpose & Capability
The name/description (WeChat gateway for OpenClaw) match the actual artifacts: SKILL.md, README, and a single-file Python gateway (main.py). The required environment variables (WX_API_TOKEN and PUBLIC_URL) are appropriate for a webhook/gateway service. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions and code focus on receiving WeChat callbacks, parsing messages, constructing session IDs, calling the OpenClaw CLI, and returning results. This aligns with the stated purpose. Important privacy/behavior note: the default WX API base_url is a third-party host (http://api.wechatapi.net/finder/v2/api). By default the gateway will interact with that external service for WeChat API operations — user messages and images may be proxied through that service unless you change configuration or deploy a different backend.
Install Mechanism
This is an instruction-only skill with a bundled main.py; there is no install spec that downloads remote code. Dependencies are standard Python packages listed in README (fastapi, uvicorn, requests, pillow, qrcode). No unusual or opaque download URLs or extract/install steps are present in the manifest.
Credentials
Only WX_API_TOKEN (primary credential) and PUBLIC_URL are required, which are justified by the gateway's need to authenticate with a WeChat API service and advertise a callback URL. The code writes a local config.ini and logs/images to disk; those filesystem writes are consistent with the gateway function. No additional unrelated secrets or config paths are requested.
Persistence & Privilege
The skill does not request always:true and does not alter other skills. It writes a local config.ini, log files, and stores images under the skill directory (logs/, images/) — normal for a gateway service. It also invokes subprocesses to run the OpenClaw CLI; that is in-scope but means the gateway will execute a local binary (OPENCLAW_BIN configurable).
Assessment
This package appears to do what it says: run a local FastAPI webhook that forwards WeChat messages to OpenClaw via the CLI. Before installing, consider:

  • Privacy: by default the code uses api.wechatapi.net as the WeChat API backend. Messages and images may be proxied through that third-party service. If you have sensitive data, either host your own WeChat API backend or confirm the third party's privacy/security policy.
  • Credentials: WX_API_TOKEN is required; treat it like any service token. Do not paste a privileged token into unknown code or public repos.
  • Public exposure: PUBLIC_URL must be reachable from the internet for callbacks. A public callback endpoint accepts inbound traffic from anyone who can reach it; run it behind TLS and a reverse proxy, or on an isolated host, if needed.
  • CLI execution: the gateway invokes the OpenClaw CLI per message (subprocess). Ensure OPENCLAW_BIN points to the intended binary and run in an environment where executing that binary is safe. An attacker replacing that binary could cause arbitrary code execution.
  • Storage: the skill writes config.ini, logs, and saved images locally. Monitor disk usage and clear stored images if they contain sensitive content.
  • Review & sandboxing: if you are not 100% comfortable, review the full main.py (it is included) or run it in an isolated VM/container before production use. Verify and pin dependency versions when installing the required Python packages.

If you want a higher-confidence assessment, provide the full (non-truncated) main.py content so I can scan for any hidden network endpoints, unusual subprocess calls, or data-exfiltration patterns.


Runtime requirements

💬 Clawdis
Env: WX_API_TOKEN, PUBLIC_URL
Primary env: WX_API_TOKEN
Latest version id: vk976f6367egmkj39qw84mtqc8n837pn5
228 downloads · 0 stars · 1 version
Updated 23h ago
v1.0.0 · MIT-0

WeChat OpenClaw Gateway

This skill wires a runnable WeChat gateway project into an OpenClaw deployment. It is intended for cases where you:

  • want WeChat to serve as an entry point into OpenClaw
  • need to handle WeChat private-chat / group-chat message callbacks
  • need to construct a stable session_id
  • need to send AI responses back to WeChat
  • need image-message recognition and command-result return

When to use this skill

Prefer this skill when the user asks for any of the following:

  • "Connect WeChat to OpenClaw"
  • "Build a WeChat AI bot"
  • "Build a group-chat AI assistant"
  • "Use WeChat as an agent entry point"
  • "Integrate WeChat API callbacks"
  • "Handle multiple sessions concurrently while processing each session in order"

What this skill provides

The skill ships with a runnable single-file gateway, main.py, whose main capabilities are:

  1. Receive WeChat callbacks
  2. Parse the callback structure
  3. Distinguish private chat / group chat / messages sent by the bot account itself
  4. Construct a session_id
  5. Invoke the agent through the OpenClaw CLI
  6. Send the result back to WeChat
  7. Support text and image messages
  8. Support whitelisting, group trigger words, de-duplication, and worker concurrency

Core rules

1. Initialization must come first

On the first run of main.py you are prompted for:

  • WX_API_TOKEN
  • PUBLIC_URL
  • the group trigger word
  • the region ID

The program then generates config.ini automatically. Since that file holds the values entered above, including WX_API_TOKEN, restrict its permissions to the service account and keep it out of version control.

2. The WeChat API base URL has a fixed default

The current default is:

http://api.wechatapi.net/finder/v2/api

It normally does not need to be changed manually. Note that this is a plain-HTTP endpoint on a third-party host: WX_API_TOKEN and every message or image the gateway relays travel to api.wechatapi.net unencrypted unless you point the base URL at an HTTPS endpoint or at a backend you operate yourself.

3. PUBLIC_URL must not be empty

Image return and the callback address both depend on it.

The actual callback address has the form:

PUBLIC_URL + /wechat/callback

For example:

http://your-domain:5000/wechat/callback

Because this endpoint must be reachable from the internet, terminate TLS in front of it (for example with a reverse proxy) rather than exposing the plain-HTTP port directly, as the scan assessment above also recommends.
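The first-run procedure above (collect WX_API_TOKEN, PUBLIC_URL, the trigger word and the region ID, write config.ini, derive PUBLIC_URL + /wechat/callback) as an added example. This is not the skill's own main.py: the config.ini section and key names, the permission handling and the URL checks are choices made for this example, and main.py's real layout is not shown on this page.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlparse

# Added example (not the skill's main.py). Section/key names are assumptions.
CALLBACK_PATH = "/wechat/callback"
DEFAULT_BASE_URL = "http://api.wechatapi.net/finder/v2/api"


def write_config(path: str, wx_api_token: str, public_url: str,
                 trigger_word: str, region_id: str,
                 base_url: str = DEFAULT_BASE_URL) -> None:
    """Persist the first-run answers. The file holds WX_API_TOKEN, so it is
    created with mode 0600 before any secret is written into it."""
    cfg = configparser.ConfigParser()
    cfg.optionxform = str  # keep key case so WX_API_TOKEN round-trips unchanged
    cfg["wechat"] = {
        "WX_API_TOKEN": wx_api_token,
        "PUBLIC_URL": public_url.strip().rstrip("/"),
        "GROUP_TRIGGER": trigger_word,
        "REGION_ID": region_id,
        "BASE_URL": base_url,
    }
    if os.path.exists(path):
        os.remove(path)  # never inherit a previous file's (possibly looser) mode
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        cfg.write(fh)


def load_config(path: str) -> dict:
    cfg = configparser.ConfigParser()
    cfg.optionxform = str
    cfg.read(path, encoding="utf-8")
    return dict(cfg["wechat"])


def callback_url(public_url: str) -> str:
    """PUBLIC_URL + /wechat/callback, tolerating a trailing slash on PUBLIC_URL."""
    if not public_url or not public_url.strip():
        raise ValueError("PUBLIC_URL must not be empty: callbacks and image return depend on it")
    return public_url.strip().rstrip("/") + CALLBACK_PATH


def check_urls(public_url: str, base_url: str = DEFAULT_BASE_URL) -> list:
    """Warnings an operator should read before going live (empty list = nothing to flag)."""
    warnings = []
    pu = urlparse(public_url)
    if pu.scheme != "https":
        warnings.append("PUBLIC_URL is not https: inbound callbacks arrive in cleartext")
    if pu.hostname in (None, "localhost", "127.0.0.1"):
        warnings.append("PUBLIC_URL is not internet-reachable: the WeChat API service cannot deliver callbacks")
    if urlparse(base_url).scheme != "https":
        warnings.append(f"BASE_URL {base_url} is plain http: WX_API_TOKEN and message contents travel unencrypted")
    return warnings


def file_mode(path: str) -> int:
    return stat.S_IMODE(os.stat(path).st_mode)


def new_tmp_config_path() -> str:
    return os.path.join(tempfile.mkdtemp(prefix="wechat-gw-"), "config.ini")


if __name__ == "__main__":
    p = new_tmp_config_path()
    write_config(p, "token-placeholder", "https://gw.example.com/", "狗子", "region-1")
    print(oct(file_mode(p)), callback_url(load_config(p)["PUBLIC_URL"]))
    for w in check_urls("http://your-domain:5000"):
        print("WARNING:", w)
```

Run with a real PUBLIC_URL to see which of the three warnings apply to your deployment; the page's own example value, http://your-domain:5000, triggers the first and the last.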

4. Only two message types are currently handled reliably

  • Text messages
  • Image messages

5. Group messages must be gated by a trigger word

The default example group trigger word is:

狗子

For example, sent in a group:

狗子 你在干什么 ("狗子, what are you doing?")

6. Private chats use a whitelist by default

A user who sends:

我是你的主人 ("I am your master")

is automatically added to the whitelist. Note that this phrase is not a secret: any WeChat account that can message the bot and knows the phrase can enrol itself, so treat the whitelist as a convenience filter rather than an access control, or change the enrollment phrase and keep it private.

Callback parsing essentials

When parsing a WeChat callback, focus on these fields:

  • TypeName
  • Wxid
  • Data.MsgType
  • Data.FromUserName.string
  • Data.ToUserName.string
  • Data.Content.string

Was the message sent by the bot account itself?

Use this logic:

is_self = bool(wxid and from_user == wxid)

Is it a group message?

Use this logic:

is_group = from_user.endswith("@chatroom") or to_user.endswith("@chatroom")

Real sender within a group

In a group message the real sender may appear as a prefix of Content.string:

if is_group and raw_content and ":\n" in raw_content:
    possible_sender, possible_text = raw_content.split(":\n", 1)
    if possible_sender.startswith("wxid_"):
        sender_wxid = possible_sender
        actual_text = possible_text.strip()
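The parsing steps above, together with core rules 4 to 6 (text/image only, group trigger word, private-chat whitelist with self-enrollment), as one added example. This is not the skill's main.py. Assumptions not stated on the page: MsgType 1 means text and 3 means image, TypeName "AddMsg", the config key names, and the optional OWNER_WXID restriction on enrollment, which is added hardening rather than page behaviour. The sample payloads are constructed for the example.

```python
# Added example, not the skill's own main.py. Assumed values: MsgType 1 = text,
# 3 = image; TypeName "AddMsg"; config keys GROUP_TRIGGER, ENROLL_PHRASE, OWNER_WXID.
TEXT, IMAGE = 1, 3


def parse_callback(payload: dict) -> dict:
    wxid = payload.get("Wxid") or ""
    data = payload.get("Data") or {}

    def field(key: str) -> str:
        # addressed fields arrive wrapped as {"string": "..."}
        return (data.get(key) or {}).get("string") or ""

    from_user, to_user, raw = field("FromUserName"), field("ToUserName"), field("Content")
    is_self = bool(wxid and from_user == wxid)
    is_group = from_user.endswith("@chatroom") or to_user.endswith("@chatroom")
    if is_group:
        chat_id = from_user if from_user.endswith("@chatroom") else to_user
    else:
        chat_id = to_user if is_self else from_user  # the peer, never the bot's own id
    sender, text = from_user, raw
    # in a group the real sender is prefixed to Content.string as "wxid_xxx:\n";
    # accounts without a wxid_ prefix fall back to the room id as sender
    if is_group and raw and ":\n" in raw:
        possible_sender, possible_text = raw.split(":\n", 1)
        if possible_sender.startswith("wxid_"):
            sender, text = possible_sender, possible_text.strip()
    return {"type_name": payload.get("TypeName"), "msg_type": data.get("MsgType"),
            "is_self": is_self, "is_group": is_group, "chat_id": chat_id,
            "sender": sender, "text": text}


def gate(msg: dict, config: dict, whitelist: set) -> tuple:
    """Return (handle, text_for_agent, reason). Mutates whitelist on enrollment."""
    if msg["is_self"]:
        return False, "", "own message ignored (avoids reply loops)"
    if msg["msg_type"] not in (TEXT, IMAGE):
        return False, "", "only text and image messages are handled"
    if msg["is_group"]:
        trigger = config["GROUP_TRIGGER"]
        if msg["msg_type"] != TEXT or not msg["text"].startswith(trigger):
            return False, "", "group message without trigger word"
        return True, msg["text"][len(trigger):].strip(), "group trigger matched"
    if msg["msg_type"] == TEXT and msg["text"].strip() == config["ENROLL_PHRASE"]:
        # The phrase is not a secret: anyone who can message the bot and knows it
        # gets in. OWNER_WXID is an added hardening knob (assumption): when set,
        # only that account may enrol itself.
        owner = config.get("OWNER_WXID")
        if owner and msg["sender"] != owner:
            return False, "", "enrollment refused: sender is not OWNER_WXID"
        whitelist.add(msg["sender"])
        return False, "", "sender enrolled in whitelist"
    if msg["sender"] not in whitelist:
        return False, "", "sender not whitelisted"
    return True, msg["text"], "whitelisted private chat"


def sample_dm(sender: str = "wxid_alice", text: str = "hello", bot: str = "wxid_bot") -> dict:
    # constructed payload following the field list on the page
    return {"TypeName": "AddMsg", "Wxid": bot,
            "Data": {"MsgType": TEXT, "FromUserName": {"string": sender},
                     "ToUserName": {"string": bot}, "Content": {"string": text}}}


def sample_group(sender: str = "wxid_alice", text: str = "hello",
                 room: str = "123@chatroom", bot: str = "wxid_bot") -> dict:
    # group callbacks carry the room as FromUserName and "sender:\ntext" as content
    return sample_dm(sender=room, text=f"{sender}:\n{text}", bot=bot)


if __name__ == "__main__":
    cfg = {"GROUP_TRIGGER": "狗子", "ENROLL_PHRASE": "我是你的主人"}
    wl: set = set()
    for payload in (sample_dm(text="我是你的主人"), sample_dm(text="what time is it"),
                    sample_group(text="狗子 你在干什么"), sample_group(text="no trigger")):
        m = parse_callback(payload)
        print(m["chat_id"], m["sender"], gate(m, cfg, wl))
```

Setting OWNER_WXID in the config turns the enrollment phrase from "anyone who knows it" into "only this account", which is the cheapest fix for the whitelist caveat in rule 6.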

Session design rules

The recommended session_id scheme is:

  • Private chat: wechat_dm_xxx
  • Shared group session: wechat_group_xxx
  • Per group member: wechat_group_xxx_user_xxx

Example logic:

import re

def build_session_id(chat_id: str, sender_wxid: str, is_group: bool, config: dict) -> str:
    def norm(s: str) -> str:
        # keep session ids to a safe character set before they reach the CLI
        return re.sub(r"[^a-zA-Z0-9_-]", "_", str(s or "").strip())

    if not is_group:
        return f"wechat_dm_{norm(chat_id)}"

    if config["GROUP_SESSION_MODE"] == "per_user":
        return f"wechat_group_{norm(chat_id)}_user_{norm(sender_wxid)}"

    return f"wechat_group_{norm(chat_id)}"

Concurrency strategy

The project uses:

  • different sessions run in parallel
  • the same session is pinned to one worker, which preserves message order

Example:

import hashlib

def shard_index_for_session(session_id: str, worker_count: int) -> int:
    # md5 is used only as a stable bucketing hash here, not for anything security-related
    h = int(hashlib.md5(session_id.encode("utf-8")).hexdigest(), 16)
    return h % worker_count
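The concurrency strategy above (parallel across sessions, ordered within a session) and the de-duplication capability listed earlier, carried through to a runnable worker pool as an added example. This is not the skill's main.py: the per-shard queue design, the bounded seen-set, and the assumption that each callback carries a unique message key supplied by the caller are choices made for this example.

```python
import hashlib
import queue
import threading
import time

# Added example, not the skill's main.py. One queue per worker: a session always
# hashes to the same shard, so its messages run in order, while other sessions
# proceed on other workers. (session_id, msg_key) pairs already accepted are
# dropped; msg_key is assumed to be a unique id carried by the callback.


def shard_index_for_session(session_id: str, worker_count: int) -> int:
    # md5 is a stable bucketing hash here, nothing security-related
    h = int(hashlib.md5(session_id.encode("utf-8")).hexdigest(), 16)
    return h % worker_count


class ShardedDispatcher:
    def __init__(self, worker_count: int, handler, max_seen: int = 10000):
        self.worker_count = worker_count
        self.handler = handler            # called as handler(session_id, message)
        self.queues = [queue.Queue() for _ in range(worker_count)]
        self._seen = set()                # accepted (session_id, msg_key) pairs
        self._seen_order = []             # FIFO so the set stays bounded
        self._max_seen = max_seen
        self._lock = threading.Lock()
        self.dropped_duplicates = 0
        self._threads = [threading.Thread(target=self._run, args=(q,), daemon=True)
                         for q in self.queues]
        for t in self._threads:
            t.start()

    def submit(self, session_id: str, msg_key: str, message: str) -> bool:
        """Enqueue on the session's shard; False if this callback was already seen."""
        key = (session_id, msg_key)
        with self._lock:
            if key in self._seen:
                self.dropped_duplicates += 1
                return False
            self._seen.add(key)
            self._seen_order.append(key)
            if len(self._seen_order) > self._max_seen:
                self._seen.discard(self._seen_order.pop(0))
        self.queues[shard_index_for_session(session_id, self.worker_count)].put((session_id, message))
        return True

    def _run(self, q: queue.Queue) -> None:
        while True:
            item = q.get()
            try:
                if item is None:      # shutdown sentinel
                    return
                self.handler(*item)
            finally:
                q.task_done()

    def join(self) -> None:
        for q in self.queues:
            q.join()

    def close(self) -> None:
        for q in self.queues:
            q.put(None)
        for t in self._threads:
            t.join()


def run_demo(worker_count: int = 4, sessions: int = 6, per_session: int = 5) -> dict:
    """Interleave messages from several sessions, redeliver one callback, and
    return the order each session's messages were processed in."""
    order, lock = {}, threading.Lock()

    def handler(session_id: str, message: str) -> None:
        time.sleep(0.001)  # stand-in for the per-message OpenClaw CLI call
        with lock:
            order.setdefault(session_id, []).append(message)

    d = ShardedDispatcher(worker_count, handler)
    for i in range(per_session):
        for s in range(sessions):
            d.submit(f"wechat_dm_user{s}", f"msg{i}", f"m{i}")
    d.submit("wechat_dm_user0", "msg0", "m0")  # the WeChat side redelivers a callback
    d.join()
    d.close()
    return {"order": order, "dropped": d.dropped_duplicates}


if __name__ == "__main__":
    print(run_demo())
```

Ordering is only guaranteed per session: two sessions that land on the same shard are serialized together, which is the trade-off for a fixed worker count.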

Known limitations

1. The main bottleneck is the OpenClaw CLI

It is currently invoked as:

openclaw agent --session-id xxx --message "..."

So every message starts a fresh OpenClaw CLI process, which incurs:

  • process startup overhead
  • configuration loading overhead
  • session restore overhead
  • provider initialization overhead
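The per-message CLI invocation above, written as an added example of how to call it safely: an argv list with shell=False, so message text containing quotes, semicolons or backticks reaches the CLI as one argument and is never interpreted by a shell; OPENCLAW_BIN resolved to an absolute path once, so a later PATH change cannot swap the binary (the replacement risk the scan assessment raises); and a timeout bounding a hung process. This is not the skill's main.py. The timeout value, the session_id check, and the use of `echo` as a stand-in binary in the demo are example choices; only `agent --session-id ... --message ...` comes from the page.

```python
import os
import shutil
import subprocess

# Added example, not the skill's main.py. Only the CLI shape
# "openclaw agent --session-id X --message Y" is taken from the page.


def resolve_bin(openclaw_bin: str) -> str:
    """Resolve OPENCLAW_BIN to an absolute executable path up front."""
    path = openclaw_bin if os.path.isabs(openclaw_bin) else shutil.which(openclaw_bin)
    if not path or not os.access(path, os.X_OK):
        raise FileNotFoundError(f"OPENCLAW_BIN not found or not executable: {openclaw_bin}")
    return path


def build_agent_argv(openclaw_bin: str, session_id: str, message: str) -> list:
    """argv for the per-message call; the message is one element, never shell-parsed."""
    if not session_id or any(ch.isspace() for ch in session_id):
        raise ValueError("session_id must be a single non-empty token")
    return [resolve_bin(openclaw_bin), "agent", "--session-id", session_id, "--message", message]


def run_agent(openclaw_bin: str, session_id: str, message: str, timeout: float = 120.0) -> dict:
    """Run the CLI for one message and return its outcome; never shell=True."""
    argv = build_agent_argv(openclaw_bin, session_id, message)
    try:
        cp = subprocess.run(argv, capture_output=True, text=True, timeout=timeout, shell=False)
    except subprocess.TimeoutExpired:
        return {"ok": False, "stdout": "", "stderr": f"timed out after {timeout}s", "argv": argv}
    return {"ok": cp.returncode == 0, "stdout": cp.stdout.strip(),
            "stderr": cp.stderr.strip(), "argv": argv}


if __name__ == "__main__":
    # "echo" stands in for OPENCLAW_BIN so the call can be observed offline; the
    # hostile-looking message comes back verbatim as a single argument.
    print(run_agent("echo", "wechat_dm_wxid_alice", 'hi"; id; echo pwned')["stdout"])
```

Point OPENCLAW_BIN at an absolute path owned by root or the service account and not writable by the gateway user; resolving it once at startup, as here, does not help if the file itself can be replaced.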

2. This is an entry gateway, not a complete SaaS product

It is suitable for:

  • technical validation
  • scenario integration
  • demos
  • further development

Bundled files

  • main.py: the single-file gateway program
  • README.md: project description
  • PUBLISH.md: ClawHub publishing notes

Recommended publishing information

Suggested metadata for publishing to ClawHub (note that the skill as published on this page uses the slug wechat-ipad-api/wechat-gateway, not the slug suggested here):

  • slug: wechat-openclaw-gateway
  • name: WeChat OpenClaw Gateway
  • version: 1.0.0
  • tags: latest,wechat,openclaw,gateway

Publish command

clawhub publish ./wechat-openclaw-gateway --slug wechat-openclaw-gateway --name "WeChat OpenClaw Gateway" --version 1.0.0 --tags latest,wechat,openclaw,gateway

Notes

The point of this skill is not to explain concepts; it ships a runnable project.
If you intend to publish it publicly, fill in the wechatapi.net details, the GitHub repository URL, and demo screenshots before uploading.
