WeCom MCP Setup

v1.0.0

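WeCom MCP configuration guide. Triggered when the user needs to "add WeCom", "configure WeCom", "enable WeCom messaging", or "set up WeCom integration". Provides complete MCP Server configuration, tool permission allowlist setup, and Gateway restart guidance.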


Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for stliuexp/wecom-mcp-setup.

Install the skill "WeCom MCP Setup" (stliuexp/wecom-mcp-setup) from ClawHub.
Skill page: https://clawhub.ai/stliuexp/wecom-mcp-setup
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wecom-mcp-setup

ClawHub CLI

npx clawhub@latest install wecom-mcp-setup

Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)

Purpose & Capability
Name/description (WeCom MCP configuration) match the instructions: editing OpenClaw mcporter.json, adding a wecom_mcp server, enabling tool whitelist, restarting Gateway, and validating. The steps and commands (openclaw, mcporter list, gateway restart) are coherent with the stated goal.
Instruction Scope
Instructions are narrowly scoped to MCP setup: edit ~/.openclaw/workspace/config/mcporter.json to add a wecom_mcp entry, set tools.alsoAllow if needed, restart gateway, and verify with mcporter list. They explicitly instruct placing WECOM_CORP_ID / WECOM_AGENT_ID / WECOM_SECRET in the config file (plaintext), which is expected for this task but carries the usual secret-management risks. No unrelated system-wide reads or exfiltration steps are present.
Install Mechanism
There is no formal install spec in the registry (instruction-only). The SKILL.md instructs running the server via 'npx -y wecom-mcp-server', which will fetch and execute a package from the npm registry at runtime. This is coherent for running a node-based MCP server, but it introduces moderate risk because npx downloads third-party code on demand (possible supply-chain/typosquatting risk). The skill does not suggest pinning a package version or verifying package provenance.
Credentials
The skill does not request additional environment variables or external credentials from the registry metadata. The credentials it instructs the admin to provide (Corp ID, Agent ID, Secret) are exactly what a WeCom integration needs; their placement in a local config file is proportionate but should be treated as sensitive data.
Persistence & Privilege
Skill is not always-enabled and is user-invocable. It is instruction-only and does not request persistent elevated privileges or modify other skills. The runtime actions (editing a local OpenClaw config and restarting the Gateway) are appropriate for configuring the integration.
Assessment
This is a legitimate, coherent setup guide for adding a WeCom MCP server to OpenClaw, but take these precautions before following it:

  1. Treat the WECOM_* values as sensitive — do not commit mcporter.json into version control; store secrets in an encrypted store or OS secret manager if possible.
  2. The guide runs the MCP server via 'npx -y wecom-mcp-server' which downloads and executes code from npm on demand — verify the package name, publisher, and ideally pin a specific version (e.g., wecom-mcp-server@1.2.3) or use a vetted release build (GitHub release or org-maintained artifact).
  3. If you cannot verify the npm package, consider installing the server from a trusted source or running it in an isolated environment (container or restricted host).
  4. After initial setup, rotate the application secret if it was exposed during testing.
  5. If you want stronger guarantees, ask the skill author for the upstream package repository or an official vendor reference before using npx to run it.

Like a lobster shell, security has layers — review code before you run it.

latest: vk97fyx2ccy04p24vf0hzyvfy8x840p4t
203 downloads
0 stars
1 version
Updated 3w ago
v1.0.0
MIT-0

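WeCom MCP Configuration Guide

This skill explains how to configure the WeCom MCP integration in OpenClaw. Once it is enabled, you can use features such as sending and receiving messages, managing to-dos, and scheduling meetings.

Prerequisites

  • OpenClaw is installed and running normally
  • WeCom administrator privileges (needed to obtain the Corp ID, Agent ID and Secret)
  • An available wecom-mcp-server

Configuration Steps

Step 1: Add the MCP Server

Edit ~/.openclaw/workspace/config/mcporter.json and add the following under mcpServers, replacing the three placeholder values with your Corp ID, Agent ID and application Secret: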

{
  "mcpServers": {
    "wecom_mcp": {
      "command": "npx",
      "args": ["-y", "wecom-mcp-server"],
      "env": {
        "WECOM_CORP_ID": "<你的企业ID>",
        "WECOM_AGENT_ID": "<你的应用ID>",
        "WECOM_SECRET": "<你的应用密钥>"
      }
    }
  }
}

Getting the credentials: log in to the WeCom admin console → App Management → select the app → view the Corp ID, Agent ID and Secret

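Step 2: Configure the Tool Permission Allowlist

Check the current permission configuration:

openclaw config get tools.profile

  • If it returns full → skip this step; all tools are already unrestricted
  • If it returns any other value → run the following command:

openclaw config set tools.alsoAllow '["wecom_mcp"]'

If alsoAllow already contains other tools, write the merged list, for example:

openclaw config set tools.alsoAllow '["other_tool", "wecom_mcp"]'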

Step 3: Restart the Gateway

The Gateway must be restarted after any configuration change:

openclaw gateway restart

Step 4: Verify the Configuration

After the restart, you can test whether MCP is working:

mcporter list

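If wecom_mcp appears in the list, the configuration succeeded.


Available WeCom Skills

Once configuration is complete, the following skills become available automatically:

Skill                   Function
wecom-msg               Send and receive messages, view chat history
wecom-get-todo-list     Query the to-do list
wecom-edit-todo         Create/update/delete to-dos
wecom-schedule          Schedule management
wecom-meeting-create    Create meetings
wecom-meeting-query     Query meetings
wecom-contact-lookup    Look up contacts in the address book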

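Troubleshooting

MCP Server fails to start

  1. Check the Node.js version (18+ is required)
  2. Confirm that the credentials are correct
  3. Check the Gateway logs: openclaw gateway logs

Tool call is denied for lack of permission

Confirm that tools.alsoAllow contains wecom_mcp: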

openclaw config get tools.alsoAllow

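openclaw command not found

  • Confirm that OpenClaw is installed
  • Check the PATH environment variable

Security Notes

  • Do not share configuration files that contain real credentials with anyone
  • WeCom credentials should be stored in the local configuration file and must not be committed to version control
  • Rotate the application secret regularly to keep it secure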
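
The risks named in the scan assessment and in the notes above (an unpinned npx package, a plaintext secret, a config file readable by other users) can be checked mechanically. The Node.js script below is an added example, not part of this skill or of OpenClaw; the function names, the secret-name pattern and the sample values are assumptions made for illustration.

```javascript
const fs = require("node:fs");

// True for an exact version (name@1.2.3, @scope/name@1.2.3); tags and ranges do not count.
function isPinned(spec) {
  const at = spec.lastIndexOf("@");
  return at > 0 && /^\d+\.\d+\.\d+(-[\w.]+)?$/.test(spec.slice(at + 1));
}

// Inspect a parsed config object; returns a list of human-readable findings.
function auditServers(config) {
  const findings = [];
  for (const [name, srv] of Object.entries(config.mcpServers || {})) {
    if (srv.command === "npx") {
      // Assumption: the first non-flag argument is the package to run.
      const pkg = (srv.args || []).find((a) => !a.startsWith("-"));
      if (pkg && !isPinned(pkg)) {
        findings.push(`${name}: npx package "${pkg}" is not pinned to an exact version`);
      }
    }
    for (const [key, value] of Object.entries(srv.env || {})) {
      // Assumption: secrets are recognisable by variable name; <placeholder> values are ignored.
      if (/SECRET|TOKEN|PASSWORD/i.test(key) && value && !/^<.*>$/.test(value)) {
        findings.push(`${name}: ${key} is stored in plaintext; keep this file out of version control`);
      }
    }
  }
  return findings;
}

// Audit a file on disk, adding a POSIX permission check (owner-only access expected).
function auditFile(file) {
  const findings = auditServers(JSON.parse(fs.readFileSync(file, "utf8")));
  const mode = fs.statSync(file).mode & 0o777;
  if (mode & 0o077) {
    findings.push(`${file}: mode ${mode.toString(8)} lets group/others access it; use chmod 600`);
  }
  return findings;
}

// Constructed sample shaped like the step 1 config; every value is made up.
const SAMPLE = {
  mcpServers: { wecom_mcp: {
    command: "npx", args: ["-y", "wecom-mcp-server"],
    env: { WECOM_CORP_ID: "ww-constructed", WECOM_AGENT_ID: "1000002", WECOM_SECRET: "constructed-secret" },
  } },
};
console.log(auditServers(SAMPLE).join("\n"));
```

To check a real installation, call auditFile with the full path of ~/.openclaw/workspace/config/mcporter.json; an empty result means none of the three conditions was found.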
