Skill v1.0.2

ClawScan security

向企业微信发送消息 (Send messages to WeCom) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (scanned Mar 24, 2026, 1:41 AM)
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill implementation, instructions, and requested resources are coherent with its stated purpose (sending messages to 企业微信 via webhook). No unexplained credentials, installers, or hidden endpoints were found. However, the script can read local image files and download image URLs, so be cautious about which paths and URLs you pass to it.
Guidance
This skill appears to do what it says: send messages to 企业微信 webhooks. Before installing or using it, consider:
1. Do not pass paths to sensitive local files; the script will read local image files and send their base64 content to the webhook.
2. Beware of supplying untrusted image URLs; the skill will download remote content.
3. Never hardcode or publicly expose real webhook keys. Store them securely and pass them at runtime.
4. Review or modify the script if you prefer it to read webhook URLs from a secure secret store (environment variable or vault) rather than from parameters or the placeholder default.
5. If you are concerned about an agent invoking the skill autonomously, restrict agent permissions or disable autonomous invocation for untrusted agents.
Otherwise the package is internally consistent with its stated purpose.

Review Dimensions

Purpose & Capability
ok · Name/description (企业微信 webhook message sender) match the provided files: SKILL.md, reference docs, and a Python script that constructs and POSTs webhook JSON. No unrelated credentials, binaries, or cloud APIs are requested.
Instruction Scope
note · Runtime instructions and the Python script stay within remit (construct messages, chunk long text, send to webhook). The script will read local image files and may download images from arbitrary URLs before encoding and posting them to the webhook. This is expected for image support, but it means the skill can transmit local file contents or fetch remote resources if given such inputs. Also note that the script defaults to @all in mentioned_list, so every message mentions everyone in the group unless the caller overrides it.
Install Mechanism
ok · No install spec; the skill is instruction-only with a bundled Python script. No external installers, downloads, or archive extraction are used.
Credentials
ok · No environment variables or credentials are declared or required. The script uses an explicit webhook URL passed at runtime (or a placeholder default); it does not read secrets from env vars or config files.
Persistence & Privilege
ok · always:false and user-invocable:true. The skill does not request permanent/force inclusion or modify other skills or agent-wide config. Autonomous invocation is allowed by default (disable-model-invocation:false), which is standard platform behavior and not flagged by itself.