Weiyun
PassAudited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill Name: weiyun Version: 1.0.0 The 'weiyun' skill bundle is a comprehensive MCP (Model Context Protocol) integration for Tencent Weiyun cloud storage. It provides tools for file management, including a specialized upload protocol requiring a custom SHA1 implementation (found in `scripts/upload_to_weiyun.py` and `scripts/gen_block_info_list.py`) to handle Weiyun's FTN streaming states. The authentication flow in `setup.sh` and `references/auth.md` is transparent, utilizing legitimate `weiyun.com` endpoints and requiring explicit user confirmation. While it includes a version-check mechanism that can receive update instructions from the server, this is a standard feature for skill maintenance rather than a malicious backdoor. No evidence of data exfiltration, unauthorized access, or malicious prompt injection was found.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A remote response could influence what the agent does before using the skill, including update actions the user has not reviewed.
The skill tells the agent to follow update instructions returned by a remote service, which can make unreviewed remote text authoritative.
如果当前版本 `version` 低于最新版本 `latest`,则遵循 `instruction` 指令进行更新,或提示用户更新。
Treat remote update text as advisory only; require explicit user approval and preferably signed, pinned, or registry-verified updates before executing any update instructions.
An agent mistake or ambiguous user request could delete cloud files or directories, potentially permanently.
The skill exposes batch deletion, including permanent deletion, for the user's cloud-drive contents. The visible instructions do not require an explicit confirmation step before high-impact deletes.
`weiyun.delete` — 批量删除 ... `delete_completely` ... true-彻底删除
Require the agent to show the exact files/directories and ask for explicit confirmation before deletion, especially when `delete_completely=true`.
Private cloud files or folders could be made accessible through a share link if the agent misinterprets the request.
The skill can create external share links, including passwordless links, but the visible artifacts do not require a confirmation or privacy warning before sharing.
`weiyun.gen_share_link` — 为微云网盘中的文件或目录生成分享短链接 ... `passwd` ... 不填则创建无密码分享
Require explicit confirmation before generating share links, and warn when creating passwordless shares.
Anyone who can see local process arguments or command history may be able to recover the Weiyun token and access the user's cloud-drive account through this integration.
The documentation shows passing a high-value MCP token as a command-line argument, which can expose it through process listings, shell history, logs, or terminal recordings.
python3 scripts/upload_to_weiyun.py /path/to/file --token <mcp_token>
Prefer environment variables, secure credential storage, or interactive secret prompts; avoid documenting or using `--token` for real tokens.
The local mcporter configuration can continue to authorize Weiyun actions after setup until the token is removed or revoked.
The setup script persists the Weiyun MCP token into a home-scoped mcporter configuration. This is purpose-aligned, but it is sensitive account access that users should understand.
mcporter config add "$_WY_SERVICE_NAME" "$_WY_MCP_URL" ... --header "WyHeader=mcp_token=$token" --scope home
Clearly disclose where the token is stored, how to revoke it, and how to remove the mcporter configuration when the user no longer wants this access.
Running the setup may change the user's local environment and install code from package registries without the installation being declared up front.
The setup script can install a global npm package and an unpinned Python package even though the registry says there is no install spec and no required binaries.
npm install -g mcporter@0.8.1 ... pip3 install requests 2>/dev/null || pip install requests 2>/dev/null
Declare these dependencies in the install metadata, ask before installing, avoid global installs where possible, and pin Python dependencies.