WeChat Mini Program CI Tool
Pass. Audited by VirusTotal on May 10, 2026.
Overview
Type: OpenClaw Skill
Name: wx-miniprogram-ci
Version: 1.0.1
The skill bundle contains a destructive test script and high-privilege operations. Specifically, `tests/run-tests.js` overwrites the user's global configuration file (`~/.wxmini-ci.config.js`) with an empty object without creating a proper backup, leading to permanent data loss of WeChat Mini Program credentials if executed. Additionally, `scripts/wx-miniprogram-ci.js` performs global package installations (`npm install -g`) and uses `require()` to load a configuration file that the script itself modifies, which is a risky pattern that could be exploited if the file content is compromised. While these appear to be significant engineering flaws rather than intentional malware, the destructive nature of the test suite and the handling of sensitive private keys warrant a suspicious classification.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the test script is run, the user’s saved CI configuration can be erased and may need to be recreated.
The test runner replaces the real ~/.wxmini-ci.config.js with an empty test config and later copies the same empty test config back, despite comments claiming it restores the real config.
var REAL_CONFIG = path.join(os.homedir(), ".wxmini-ci.config.js"); ... fs.writeFileSync(TEST_CONFIG, "module.exports = {};\n", "utf-8"); fs.copyFileSync(TEST_CONFIG, REAL_CONFIG); ... fs.copyFileSync(TEST_CONFIG, REAL_CONFIG);
Do not run tests/run-tests.js until it is fixed to back up the original config to a separate file and restore that original file exactly.
Running init may install or change a global npm package on the machine.
The init flow installs miniprogram-ci globally from npm without a pinned version. This is related to the skill’s purpose, but it changes the user’s global Node environment and depends on the npm package supply chain.
execSync('npm install -g miniprogram-ci', {
Review the package/version before installing, consider pinning miniprogram-ci, and prefer project-local dependencies when possible.
Whoever can run the configured commands with the private key can perform CI actions against the configured Mini Program.
The skill uses a WeChat Mini Program app ID and private-key file path to authenticate CI actions. This is expected for miniprogram-ci, but it grants authority to preview/upload code and operate on cloud resources.
node wx-miniprogram-ci.js upload ... --appid YOUR_APPID ... --private-key ~/.credentials/private.YOUR_APPID.key ...
Use least-privilege CI keys, store private keys securely, review upload/cloud commands before execution, and avoid sharing config files or shell logs containing credential paths.
A mistaken command can publish the wrong code or cloud assets to the user’s WeChat Mini Program environment.
The skill exposes commands that can upload application code, cloud functions, and cloud storage content. These operations are central to the stated CI purpose, but they are high-impact account mutations.
| upload | Upload code | ... | upload-function | Upload cloud function | ... | upload-storage | Upload cloud storage |
Confirm the selected project, appid, cloud environment, version, path, and robot number before running upload-related commands.
Using a config file from an untrusted source could run code on the user’s machine.
The tool loads configuration as a JavaScript module, so a config file can execute code when loaded. This is a common Node.js config pattern and appears documented, but users should only use trusted config files.
const fileConfig = require(configFile);
Keep ~/.wxmini-ci.config.js under the user’s control and do not point --config-dir at untrusted directories.
