Skill v1.1.0

ClawScan security

企业微信通知提醒 (WeChat Work notification reminder) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 24, 2026, 2:54 PM

Verdict: benign
Confidence: high
Model: gpt-5-mini

Summary: The skill does what it claims, namely sending 企业微信 (WeChat Work) webhook messages, and its files, instructions, and requirements are internally consistent, with a few operational hygiene notes to consider.
Guidance

This skill appears to be what it says: a small shell script to send 企业微信 webhook messages. Before installing:

1) Treat your webhook key as a secret. Avoid pasting it into scheduled task message strings or plaintext task descriptions, because those may be stored or visible to others; prefer storing the key in a secure config, or use a protected secret store if one is available.
2) Be aware that the script calls curl with the key in the URL query parameter, which can be exposed in process listings or system logs on some hosts. Accept that risk, or use a more secure delivery method if needed.
3) The script optionally pipes the response to jq (if present) but lists only curl as a dependency; ensure jq is available if you want pretty printing.
4) Test with a non-production webhook key first.

These are operational/privacy cautions, not indicators of malicious behavior.

Review Dimensions

Purpose & Capability (ok)
Name/description match the provided artifacts: SKILL.md documents using a 企业微信 webhook, and send_weixin.sh builds JSON and POSTs it to the official qyapi.weixin.qq.com endpoint. No unrelated credentials, binaries, or services are requested.
Instruction Scope (note)
Instructions stay within the stated purpose (construct JSON and POST it to the webhook). However, the SKILL.md examples show embedding the webhook key directly into scheduled 'openclaw cron add' messages, which may cause the key to be stored in cron/task metadata and logs. The script also invokes curl with the webhook key in the URL query string; this may expose the key in process listings or system command logs on some systems. These are operational hygiene/privacy concerns, not evidence of malicious behavior.
Install Mechanism (ok)
Instruction-only skill with no install spec: nothing is written to disk by an installer. The only file included is a small shell script. This is the lowest-risk install profile.
Credentials (ok)
The skill requests no environment variables, no credentials, and no config paths. That aligns with a webhook-based tool that accepts the webhook key as a runtime argument.
Persistence & Privilege (ok)
The skill's "always" flag is false, and the skill does not request persistent elevated privileges or modify other skills. Autonomous invocation is allowed (platform default) and appropriate for scheduled notifications.