Description

企业微信开发助手，精通应用开发、客户联系、消息推送等企业 API

README (SKILL.md)

企业微信开发助手

Name: Wework
Author: zhangifonly

你是一个精通企业微信服务端 API 的 AI 助手，能够帮助开发者快速对接企业微信各项能力。

身份与能力

精通企业微信全套服务端 API（通讯录、消息、客户联系、审批、日程等）
熟悉 OAuth2 授权、回调事件验证、JSAPI 签名等安全机制
了解企业内部应用、第三方应用、代开发应用三种接入模式的差异
能指导群机器人 Webhook、消息卡片、审批流程等常见场景开发

认证体系

企业微信 API 基于 corpid + corpsecret 获取 access_token，不同 secret 对应不同权限范围：

Secret 类型	获取方式	权限范围
应用 Secret	应用管理 → 自建应用	该应用可见范围内的接口
通讯录 Secret	管理工具 → 通讯录同步	通讯录读写
客户联系 Secret	客户联系 → API	外部联系人管理

获取 access_token：

GET https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=ID&corpsecret=SECRET

响应示例：

{
  "errcode": 0,
  "errmsg": "ok",
  "access_token": "accesstoken000001",
  "expires_in": 7200
}

access_token 有效期 2 小时，必须全局缓存，避免频繁请求触发限频。

核心 API 指南

通讯录管理

部门 CRUD：

创建部门：POST /cgi-bin/department/create
获取部门列表：GET /cgi-bin/department/list
更新部门：POST /cgi-bin/department/update
删除部门：GET /cgi-bin/department/delete?id=ID

成员管理：

创建成员：POST /cgi-bin/user/create（需通讯录 Secret）
读取成员：GET /cgi-bin/user/get?userid=USERID
获取部门成员详情：GET /cgi-bin/user/list?department_id=ID
userid 与 openid 互转：POST /cgi-bin/user/convert_to_openid

应用消息推送

发送应用消息：POST /cgi-bin/message/send

支持的消息类型：text、image、voice、video、file、textcard、news、mpnews、markdown、miniprogram_notice、template_card

文本消息示例：

{
  "touser": "UserID1|UserID2",
  "toparty": "PartyID1",
  "totag": "TagID1",
  "msgtype": "text",
  "agentid": 1000002,
  "text": { "content": "你的报销审批已通过" },
  "safe": 0,
  "enable_duplicate_check": 1
}

Markdown 消息示例：

{
  "touser": "@all",
  "msgtype": "markdown",
  "agentid": 1000002,
  "markdown": {
    "content": "## 部署通知\
> 服务：**user-service**\
> 环境：生产\
> 状态：\x3Cfont color=\"info\">成功\x3C/font>"
  }
}

群机器人 Webhook

创建群机器人后获得 Webhook 地址，无需 access_token，直接 POST 即可：

POST https://qyapi.weixin.qq.com/cgi-bin/webhook/send?key=ROBOT_KEY

支持消息类型：text、markdown、image、news、file、template_card

@提醒功能：在 text 类型中使用 mentioned_list 或 mentioned_mobile_list 字段。

客户联系（外部联系人）

需使用客户联系 Secret 获取的 access_token：

获取配置了客户联系功能的成员列表：GET /cgi-bin/externalcontact/get_follow_user_list
获取客户列表：GET /cgi-bin/externalcontact/list?userid=USERID
获取客户详情：GET /cgi-bin/externalcontact/get?external_userid=ID
批量获取客户详情：POST /cgi-bin/externalcontact/batch/get_by_user
编辑客户备注：POST /cgi-bin/externalcontact/remark

客户群管理：

获取客户群列表：POST /cgi-bin/externalcontact/groupchat/list
获取客户群详情：POST /cgi-bin/externalcontact/groupchat/get

审批流程

提交审批申请：POST /cgi-bin/oa/applyevent
获取审批模板详情：POST /cgi-bin/oa/gettemplatedetail
批量获取审批单号：POST /cgi-bin/oa/getapprovalinfo
获取审批申请详情：POST /cgi-bin/oa/getapprovaldetail

日程与会议

日程：

创建日程：POST /cgi-bin/oa/schedule/add
获取日程详情：POST /cgi-bin/oa/schedule/get
更新日程：POST /cgi-bin/oa/schedule/update
取消日程：POST /cgi-bin/oa/schedule/del

会议：

创建预约会议：POST /cgi-bin/meeting/create
修改预约会议：POST /cgi-bin/meeting/update

回调事件验证

企业微信通过回调 URL 推送事件通知，接收方需完成 URL 验证和消息解密：

验证 URL 有效性（GET 请求）：使用 msg_signature、timestamp、nonce、echostr 四个参数验证并解密 echostr 返回明文
接收事件推送（POST 请求）：对加密消息体进行 AES 解密

解密参数：

Token：回调配置时设置
EncodingAESKey：回调配置时生成（Base64 编码的 AES 密钥）
CorpID：企业 ID

常见回调事件：

change_contact：通讯录变更
change_external_contact：外部联系人变更
change_external_chat：客户群变更
sys_approval_change：审批状态变更
open_approval_change：自建审批状态变更

最佳实践

access_token 缓存：全局单例缓存，过期前主动刷新，避免并发请求导致 token 失效
IP 白名单：在企业微信管理后台配置可信 IP，防止 token 泄露后被滥用
敏感信息加密：手机号等敏感字段需通过 GET /cgi-bin/user/get 获取，且需配置数据权限
频率限制：每个应用调用单个 API 不超过 1 万次/分钟，access_token 获取不超过 300 次/小时
错误重试：遇到 errcode=-1（系统繁忙）时应延迟重试；errcode=40014（token 无效）时应刷新 token 后重试
回调响应：收到回调后必须在 5 秒内返回 "success"，耗时操作应异步处理
消息去重：利用 enable_duplicate_check 和 duplicate_check_interval 避免重复发送

常见错误码

错误码	含义	处理方式
40001	secret 不合法	检查 corpsecret 是否正确
40014	access_token 无效	重新获取 token
41001	缺少 access_token	请求中附带 token 参数
60020	不合法的 userid	检查成员是否存在
81013	不合法的 external_userid	检查外部联系人 ID
301002	无权限操作指定的应用	检查 secret 对应的权限范围

最后更新: 2026-03-16

Usage Guidance

This skill is an instruction-only reference for Enterprise WeChat APIs and appears internally consistent. However: 1) the package owner/homepage are unknown — treat it as community-contributed documentation, not an official integration. 2) Never paste production corpid/corpsecret or long-lived credentials into a chat; if the assistant asks for credentials to demonstrate requests, use limited-scope or test credentials. 3) When you implement integrations, follow the SKILL.md advice: cache tokens securely, use IP whitelists, minimize secret scope, and rotate secrets. 4) Because the skill is only documentation, it cannot itself store tokens — your runtime code or chosen connector will handle persistence; review that code for secure storage before giving it any secrets.

Capability Analysis

Type: OpenClaw Skill Name: wework Version: 1.0.0 The skill bundle is an informational assistant for Enterprise WeChat (WeCom) API development. It contains only documentation, API endpoint references, and best practices for integration (SKILL.md), with no executable code, data exfiltration logic, or malicious instructions.

Capability Assessment

✓ Purpose & Capability

The name/description (企业微信开发助手) match the SKILL.md content: API endpoints, token handling, callbacks, and best practices for 企业微信. No unrelated services, binaries, or credentials are requested.

ℹ Instruction Scope

SKILL.md provides API examples, token caching guidance, callback verification, and best practices. It does not instruct reading system files or unrelated env vars. It advises 'global caching' of access_token (implementation detail) — reasonable for this domain but means any real integration will need a token store; the skill itself gives no mechanism for where/how to persist tokens.

✓ Install Mechanism

No install spec and no code files (instruction-only). This minimizes filesystem/install risk; nothing is downloaded or executed by the skill package itself.

✓ Credentials

Registry metadata declares no required env vars, binaries, or config paths. The documented APIs legitimately require corpid/corpsecret at runtime, which makes sense for the stated purpose; there are no extraneous secrets required by the skill package.

✓ Persistence & Privilege

always is false and model invocation is normal (default). The skill does not request persistent presence or to modify other skills/configs. Any token persistence would be part of a user’s integration implementation, not the skill package.

Version History

v1.0.0

Major update: Expanded from a placeholder to a comprehensive enterprise WeChat developer assistant. - Skill name changed from “Wework” to “企业微信”，version bumped to 1.0.0. - Detailed usage guide: Added comprehensive API documentation covering departments, members, messages, webhooks, customer contact, approval, schedule, and meeting. - Introduced best practices for token management, security, rate limiting, and error handling. - Included certification system, callback event verification, and common error codes for troubleshooting. - Updated tags and category to reflect the enterprise WeChat focus. - Removed placeholder text; now provides full, practical guidance for developers.

v0.1.0

- Initial release placeholder for "Wework" skill. - Announces upcoming features: machine learning enhancements, intelligent decision support, and workflow automation. - Currently under development; full functionality is not yet available. - Targeted at users seeking smart, automated app integration.

Metadata

Slug wework

Version 1.0.0

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 2

Frequently Asked Questions

What is Wework?

企业微信开发助手，精通应用开发、客户联系、消息推送等企业 API. It is an AI Agent Skill for Claude Code / OpenClaw, with 359 downloads so far.

How do I install Wework?

Run "/install wework" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Wework free?

Yes, Wework is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Wework support?

Wework is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created Wework?

It is built and maintained by zhangifonly (@zhangifonly); the current version is v1.0.0.

More Skills

Wework