ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信 ClawBot 插件安装

v5.0.1

Install and connect the WeChat ClawBot (微信ClawBot) channel plugin for OpenClaw. Patches qrcode-terminal to output scannable image URLs instead of ASCII QR co...

1· 184·0 current·0 all-time
byskyfox@shaojiankui
Security Scan
VirusTotalVirusTotal
Pending
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description, SKILL.md, and the included script all align: they install/connect the openclaw-weixin plugin and patch qrcode-terminal to emit an image URL. The hard-coded filesystem paths (/home/node/.openclaw/...) and the expectation of Node/npm are consistent with the stated task, but the script assumes a specific install location and user (node) which may not match every deployment.
!
Instruction Scope
SKILL.md instructs editing plugin internals (node_modules main.js) via sed and restarting/reloading the gateway (kill -USR1 $(pgrep -f openclaw-gateway)). Those actions are within scope for a plugin patch but grant the skill authority to modify code on disk and signal processes. More importantly, the patch replaces ASCII QR output with a URL that encodes the QR data and points to an external service — this transmits the QR payload (likely containing authentication tokens/URLs) outside the host, which is beyond the minimal scope of 'make QR scannable'.
Install Mechanism
There is no automated install spec; the skill is instruction-only and provides a shell script. No remote code download occurs as part of the script itself. The risk is limited to editing local plugin files (sed/backup). However, the implementation chooses a remote QR generation API instead of a local image generation approach, which introduces network/privacy risk at runtime rather than during installation.
!
Credentials
The skill requests no credentials or env vars, and references only local plugin/config/state paths (which is reasonable). The proportionality concern is network/third-party exposure: the patch builds a URL to https://api.qrserver.com/v1/create-qr-code/?... and encodes the QR payload into the query string, thereby leaking potentially sensitive QR contents (login tokens, account links) to an external service unrelated to OpenClaw or Tencent. This is not justified by the stated purpose and is avoidable (local QR rendering or self-hosted generator would be better).
Persistence & Privilege
always:false and no special platform privileges. The script modifies a third-party plugin file (node_modules) and creates a .bak file; this is a local persistent change but limited to the plugin. The SKILL.md warns the patch will be lost on plugin updates. The use of kill to signal openclaw-gateway is a normal reload technique but does affect running processes.
Scan Findings in Context
[external-qr-api-url] unexpected: The script and SKILL.md contain a hard-coded external URL (https://api.qrserver.com/v1/create-qr-code/). While an external image link can make scanning easier, it causes the QR payload to be transmitted to a third-party service and is not necessary for the stated purpose (could be generated locally).
What to consider before installing
This skill appears to perform the advertised WeChat plugin install and patch, but it modifies plugin files and sends the QR payload to a public QR image service (api.qrserver.com). That QR data often contains authentication/state tokens — sending it to a third party can leak access. Before installing: (1) review the plugin package (@tencent-weixin/openclaw-weixin-cli) source and confirm you trust it; (2) prefer a local QR generation approach (e.g., a local Node QR library or self-hosted QR service) instead of api.qrserver.com; (3) back up the original main.js (the script already makes a .bak), and test in an isolated environment; (4) be cautious when running the kill/pgrep commands — ensure they target the intended process; (5) if you must use this patch, understand it will be overwritten on plugin updates and that you are intentionally sending QR contents to an external domain. If you want, I can suggest a variant of the patch that generates the QR image locally to avoid leaking QR data.

Like a lobster shell, security has layers — review code before you run it.

latestvk977rnjq3vhpxhmmep35h0y46h83gc6q
184downloads
1stars
9versions
Updated 3w ago
v5.0.1
MIT-0
skyfox@shaojiankui
latest
Download

微信 ClawBot 插件安装与连接

English: Install, connect, and troubleshoot the WeChat ClawBot channel plugin for OpenClaw.

前置条件

  • OpenClaw 已安装并运行(openclaw CLI 可用)
  • 手机上有微信账号,用于扫码
  • Node.js / npm(用于 patch)

流程

第 1 步:安装插件

npx -y @tencent-weixin/openclaw-weixin-cli@latest install

第 2 步:Patch qrcode-terminal(webchat/Discord/Feishu 必需)

插件使用 qrcode-terminal 输出 ASCII 二维码,在等宽终端里正常,但在 webchat、Discord、Feishu 等界面里无法扫描

需要 patch 为图片 URL 输出:

QR_MAIN=$(find /home/node/.openclaw/extensions/openclaw-weixin/node_modules/qrcode-terminal/lib/main.js -type f 2>/dev/null | head -1)

if [ -f "$QR_MAIN" ]; then
  sed -i '/var qrcode = new QRCode(-1, this.error);/c\
        // Patched: output image URL instead of ASCII\
        var encoded = encodeURIComponent(input);\
        var imageUrl = "https://api.qrserver.com/v1/create-qr-code/?size=400x400&data=" + encoded;\
        var output = "\\n📷 扫码链接(复制到浏览器打开或微信扫一扫):\\n" + imageUrl + "\\n";\
        if (cb) cb(output); else console.log(output);\
        return;\n' "$QR_MAIN"
  echo "✅ 已 patch $QR_MAIN"
else
  echo "ERROR: qrcode-terminal 未找到,请先安装微信插件"
fi

⚠️ 重要: 插件更新后 patch 会丢失,需要重新执行。

第 3 步:登录扫码

openclaw channels login --channel openclaw-weixin --verbose

会输出一个 QR 图片链接。在浏览器打开,用微信扫码完成连接。

第 4 步:验证连接

openclaw status 2>&1 | grep -i "openclaw-weixin"

期望输出:openclaw-weixin │ ON │ OK

第 5 步:⚠️ 修复 accountId 不匹配(常见问题)

扫码登录成功后,插件注册的 accountId 和 config 里的可能不一致,导致收不到消息

排查方法:

  1. 查看 config:openclaw config get channels.openclaw-weixin
  2. 查看实际注册:cat /home/node/.openclaw/state/openclaw-weixin/accounts.json
  3. 如果不一致,更新 config 并 reload:
# 把 NEW_ACCOUNT_ID 替换为 accounts.json 里的值
openclaw config set channels.openclaw-weixin.accountId "NEW_ACCOUNT_ID"

# Reload gateway
kill -USR1 $(pgrep -f openclaw-gateway)

添加更多微信账号

openclaw channels login --channel openclaw-weixin

每次扫码创建一个新账号,可同时在线多个。

会话隔离(可选)

按微信账号隔离会话上下文:

openclaw config set agents.mode per-channel-per-peer

常见问题

问题解决方案
二维码在聊天中无法扫描执行 patch(第 2 步)或用真实终端
二维码过期重新运行 openclaw channels login --channel openclaw-weixin
插件未加载检查 openclaw status,确认已启用
发消息没回复⚠️ 检查 accountId 不匹配(第 5 步)
连接断开重新运行登录命令重新认证
插件更新后 patch 失效重新执行 qrcode-terminal patch(第 2 步)

Comments

Loading comments...