ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

企业微信快速集成配置

v1.0.0

企业微信快速集成配置 - 5分钟连接 OpenClaw 与企业微信,解锁群机器人、应用消息、客户管理。适合:企业用户、微信生态、客户服务。

0· 112·1 current·1 all-time
by@yang1002378395-cmyk
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims to be a quick integration guide for 企业微信 and the described steps (CorpId, AgentId, Secret, webhooks, callback URLs) match that purpose. However, the metadata only declares 'curl' as a required binary while the runtime instructions require the 'openclaw' CLI and editing ~/.openclaw/config.yml; the config path and openclaw binary are not declared. That mismatch is an inconsistency: a legitimate quickstart should declare the tool(s) it expects to run and any config files it will modify.
Instruction Scope
The SKILL.md instructs the user to edit ~/.openclaw/config.yml to store CorpId/AgentId/Secret and to run 'openclaw gateway restart'. Those actions are in-scope for configuring an integration, but the instructions assume write access to a user config file and execution of the 'openclaw' binary. The guide also includes curl examples and webhook POSTs to the official qyapi.weixin.qq.com endpoints only (which is expected).
Install Mechanism
This is an instruction-only skill with no install spec and no code to download or execute. That minimizes installation risk because nothing will be written or executed by the skill itself.
!
Credentials
No environment variables or credential fields are declared in the skill metadata, yet the guide instructs storing secrets (Agent Secret, optional Customer Secret) in the OpenClaw config file. The skill does not declare required config paths (it references ~/.openclaw/config.yml) nor recommend safer secret storage (env vars or secret manager). Storing plaintext secrets in a config file is common but should be explicitly declared and the security implications noted.
Persistence & Privilege
The skill is user-invocable, not always-installed, and allows model invocation (platform defaults). It does not request elevated persistence or to modify other skills or global agent settings. No privilege escalation indicators are present.
What to consider before installing
This skill appears to be a legitimate how-to for connecting OpenClaw to 企业微信, but it has several mismatches you should consider before using it: - Verify local tooling: the instructions expect the 'openclaw' CLI and a ~/.openclaw/config.yml file, but the skill metadata only lists 'curl'. Confirm you have the openclaw binary and that running 'openclaw gateway restart' is safe in your environment. - Backup before changing things: back up ~/.openclaw/config.yml (or your OpenClaw configuration) before adding secrets so you can restore if needed. - Secrets handling: the guide tells you to place application secrets in the config file. Prefer storing secrets in a secure secret manager or environment variables if your platform supports them, or ensure file permissions restrict access (e.g., chmod 600). The skill does not declare or enforce any secret-handling policy. - Endpoint sanity: webhook and API endpoints referenced are the official企业微信 (qyapi.weixin.qq.com) endpoints; still validate any webhook keys/URLs you paste and test with non-production accounts first. - Source provenance: the skill source and homepage are unknown and the owner ID is not a recognized upstream. If this will be used in production, ask the publisher for a trustworthy source or official docs, or prefer official OpenClaw/WeCom documentation. If you proceed: make a config backup, verify binaries and permissions, and use test credentials or restricted accounts until you're comfortable with the integration.

Like a lobster shell, security has layers — review code before you run it.

chinesevk976beprp77f38kc7cy19qyz31838ggfenterprisevk976beprp77f38kc7cy19qyz31838ggflatestvk976beprp77f38kc7cy19qyz31838ggfwecomvk976beprp77f38kc7cy19qyz31838ggf

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
Binscurl

SKILL.md

企业微信快速集成配置

目标:5 分钟内完成 OpenClaw + 企业微信集成,开始自动化办公。

🚀 快速开始(3 步)

第一步:创建企业微信应用

  1. 登录 企业微信管理后台
  2. 应用管理 → 自建应用 → 创建应用
  3. 填写信息:
    • 应用名称:OpenClaw Assistant
    • 应用logo:自定义或默认
    • 可见范围:选择部门/人员
  4. 创建后记录:
    • AgentId
    • Secret

第二步:获取企业凭证

在「我的企业」页面获取:

  • CorpId - 企业 ID
  • 在「客户联系」→「API」获取 Customer Secret(可选,用于客户管理)

第三步:配置 OpenClaw

在 OpenClaw 配置文件 ~/.openclaw/config.yml 添加:

channels:
  wecom:
    enabled: true
    corpId: "wx1234567890abcdef"      # 企业 ID
    agentId: 1000001                   # 应用 AgentId
    secret: "xxxxxxxxxxxxxxxxxxxxxxxx"  # 应用 Secret

然后重启 OpenClaw:

openclaw gateway restart

✅ 验证集成

在 OpenClaw 对话中测试:

发送企业微信消息到用户 @user_id:测试成功,OpenClaw 已连接!

如果企业微信收到消息,集成完成!

📋 常见使用场景

场景 1:群机器人消息推送

指令

发送企业微信群消息:项目进度更新:完成 80%

OpenClaw 会自动

  1. 调用群机器人 Webhook
  2. 发送 Markdown 格式消息
  3. 支持 @指定成员

场景 2:客户服务自动化

指令

监控企业微信客户消息,自动回复常见问题

OpenClaw 会自动

  1. 接收客户消息
  2. 匹配知识库
  3. 发送智能回复

场景 3:审批流程集成

指令

当有新审批时,发送企业微信通知给审批人

OpenClaw 会自动

  1. 监控审批状态
  2. 推送通知给相关人员
  3. 记录审批日志

🔧 高级配置

群机器人配置

在企业微信群中添加群机器人:

channels:
  wecom:
    enabled: true
    corpId: "wx1234567890abcdef"
    agentId: 1000001
    secret: "xxx"
    groupBots:
      - name: "开发群"
        webhook: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=xxx"
      - name: "运维群"
        webhook: "https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=yyy"

多应用支持

如果需要管理多个应用:

channels:
  wecom:
    enabled: true
    corpId: "wx1234567890abcdef"
    apps:
      - name: "OpenClaw Assistant"
        agentId: 1000001
        secret: "xxx"
      - name: "HR Bot"
        agentId: 1000002
        secret: "yyy"

🐛 故障排查

问题 1:消息发送失败

错误invalid corpId or secret

解决

  1. 检查 CorpId 是否正确(「我的企业」页面)
  2. 检查 Secret 是否正确(应用详情页)
  3. 确认应用已发布且可见范围正确

问题 2:群机器人无法推送

错误webhook url invalid

解决

  1. 检查 Webhook URL 格式
  2. 确认机器人未被删除
  3. 测试 URL 可达性: 
    curl -X POST "YOUR_WEBHOOK_URL" \
  -H "Content-Type: application/json" \
  -d '{"msgtype":"text","text":{"content":"测试"}}'

问题 3:客户消息接收失败

错误no callback url

解决

  1. 在企业微信后台配置回调 URL
  2. 设置可信域名
  3. 启用客户联系 API

📚 企业微信 API 参考

应用消息发送

POST https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=ACCESS_TOKEN

{
  "touser": "UserID",
  "msgtype": "text",
  "agentid": 1000001,
  "text": {
    "content": "这是一条应用消息"
  }
}

群机器人消息

POST https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=KEY

{
  "msgtype": "markdown",
  "markdown": {
    "content": "### 标题\n**粗体**\n- 列表项"
  }
}

💰 定价参考

  • 基础集成:¥99(应用创建 + 消息发送)
  • 企业定制:¥299(群机器人 + 客户管理 + 自动化)
  • 全托管服务:¥999/月(OpenClaw 托管 + 企业微信集成 + 技术支持)

🆘 获取帮助

创建时间:2026-03-21 作者:OpenClaw 中文生态 版本:1.0.0

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…