Skill v1.0.0

ClawScan security

Wechat Bot Starter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Review · Mar 13, 2026, 11:13 PM
Verdict: Review
Confidence: medium
Model: gpt-5-mini
Summary
The skill is generally coherent as a WeChat bot template, but its declared requirements and runtime instructions disagree (Python usage is not declared), and the example integration posts user messages to an HTTP endpoint. Both issues warrant caution.
Guidance
This skill appears to be a benign WeChat bot template, but review these before installing:
- Metadata mismatch: the skill declares node/npm as required, but the README shows many Python examples (pip, itchat, requests, schedule). Make sure you have Python and the required Python packages if you follow those examples.
- Message leakage risk: the example OpenClaw integration posts raw message text and a user_id to an HTTP endpoint. Confirm that endpoint is local and trusted (avoid pointing it to unknown remote servers), and consider sanitizing or redacting sensitive data before sending.
- Account safety: the guide warns about account bans (封号). Using Web/itchat-based bots can lead to account suspension; prefer official enterprise WeChat where appropriate.
- Paid components: Wechaty 'puppet' implementations (e.g., Pad or paid puppets) may require paid credentials or third-party services; the docs mention that tradeoffs exist, so verify costs and terms.
- Storage: hotReload=True stores session tokens on disk; protect those files and know where they are stored.
If you want to proceed, ask the author to correct the declared requirements (add python/pip and the required Python libraries) and to make the OpenClaw endpoint configurable via a documented environment variable, so you can ensure it points only to a trusted local service.

Review Dimensions

Purpose & Capability
note: The skill's name/description (Wechat bot starter) matches the instructions (Wechaty/itchat templates); however, the skill metadata declares required binaries node/npm only, while the SKILL.md contains many Python examples that require python/pip and additional Python packages. This mismatch is an inconsistency (likely an oversight) but not necessarily malicious.
Instruction Scope
note: Instructions stay within the stated purpose (building WeChat bots) and include templates for auto-reply, group management, forwarding, scheduling, and an example OpenClaw integration. They do not instruct reading unrelated system files. The OpenClaw integration example posts raw message text and user_id to a URL (http://localhost:3000/api/chat); this is expected for an integration but sensitive, because that endpoint could be changed to an external service and would then transmit user messages and identifiers.
Install Mechanism
ok: This is an instruction-only skill with no install spec and no code files, so nothing will be downloaded or written by the skill itself. Risk from the install mechanism is low.
Credentials
concern: The SKILL.md uses a hardcoded OPENCLAW_URL and shows storing configuration under ~/.openclaw/workspace, but the skill declares no required environment variables. The example integration transmits user messages and user_id to an HTTP endpoint; if that endpoint is remote (or modified), it could leak private chat contents. Also, the metadata fails to declare python/pip or other runtime dependencies (requests, itchat, schedule), which is a proportionality/accuracy concern.
Persistence & Privilege
ok: The skill does not request always:true, does not modify other skills, and does not request elevated persistence. It references saving login state (hotReload=True), which stores session data locally; this is normal for WeChat clients but something to be aware of.