Enterprise WeChat Quick Integration Setup

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Enterprise WeChat setup guide whose sensitive behavior is expected for the integration, though users should secure credentials and govern customer-message automation.

Install only if you intend OpenClaw to interact with your Enterprise WeChat tenant. Use least-privilege WeCom apps, restrict visible departments and recipients, protect ~/.openclaw/config.yml from other users and source control, rotate exposed secrets, and test auto-replies in a limited group before using them with customers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs users to store live WeCom credentials directly in a local YAML config file, but provides no guidance on file permissions, secret rotation, or using a dedicated secret manager/environment variables. This increases the likelihood of credential leakage through backups, screenshots, shared home directories, or accidental source-control commits, which could allow unauthorized message sending or API access.

Missing User Warnings

Medium
Confidence: 85%
Finding
The customer-service automation section encourages monitoring and auto-replying to customer messages without any mention of user consent, data minimization, retention, or applicable privacy/compliance obligations. In a real enterprise setting, this can lead to unauthorized processing of customer communications and mishandling of personal or sensitive business data.

VirusTotal

VirusTotal findings are pending for this skill version.
