← Back to Skills Marketplace

微信小程序 CI 工具

Name: 微信小程序 CI 工具
Author: super9du

by Super 9° · GitHub ↗ · v1.0.1 · MIT-0

cross-platform ⚠ suspicious

108

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install wx-miniprogram-ci

Description

微信小程序 CI 工具技能。支持构建、预览、云函数、云存储等全部 miniprogram-ci 能力。使用 Node.js 开发，跨平台，可配置。

Usage Guidance

This skill appears to implement a legitimate miniProgram CI wrapper, but take precautions before running anything: 1) Inspect scripts/wx-miniprogram-ci.js to confirm whether it will run npm installs or external commands automatically and where it writes files. 2) Back up any existing ~/.wxmini-ci.config.js before running the skill or tests — the provided tests (tests/run-tests.js) copy a test config to your real config path and may overwrite it without preserving the original. 3) Keep your WeChat private key files safe: the tool accepts privateKeyPath and reads that file; only point it at keys you intend to use. 4) Run the tool in an isolated environment or sandbox (or with a temporary home) if you want to verify behavior first. If you need higher confidence, ask the skill author for a clear statement of whether the script automatically installs packages (and for safer test behavior that does not overwrite user config).

Capability Analysis

Type: OpenClaw Skill Name: wx-miniprogram-ci Version: 1.0.1 The skill bundle contains a destructive test script and high-privilege operations. Specifically, `tests/run-tests.js` overwrites the user's global configuration file (`~/.wxmini-ci.config.js`) with an empty object without creating a proper backup, leading to permanent data loss of WeChat Mini Program credentials if executed. Additionally, `scripts/wx-miniprogram-ci.js` performs global package installations (`npm install -g`) and uses `require()` to load a configuration file that the script itself modifies, which is a risky pattern that could be exploited if the file content is compromised. While these appear to be significant engineering flaws rather than intentional malware, the destructive nature of the test suite and the handling of sensitive private keys warrant a suspicious classification.

Capability Tags

cryptorequires-wallet

Capability Assessment

✓ Purpose & Capability

Name/description (wx miniprogram CI using miniprogram-ci) align with the provided script and config example: the code implements commands for init, config, preview, upload, build-npm, upload-function, upload-storage and interacts with project files and a private key path as expected.

ℹ Instruction Scope

SKILL.md instructs running the included Node script from the skill's scripts directory and describes persisting configuration to ~/.wxmini-ci.config.js. That behavior is expected for a CLI tool, but the skill also ships test scripts that perform file operations on the user's home config (see tests/run-tests.js) which could overwrite a user's existing ~/.wxmini-ci.config.js if run.

✓ Install Mechanism

No install spec; this is instruction + script files only. No external download URLs or installers are present in the provided files, which reduces install-time risk. The script may invoke npm or miniprogram-ci at runtime (not executed by the platform during install).

⚠ Credentials

The tool legitimately needs project paths and private key file paths for WeChat operations. However, it persists configuration to the user's home (~/.wxmini-ci.config.js) and the tests intentionally copy a test config over the real config file (tests/run-tests.js) in a way that will overwrite an existing real config without backing it up first—this is disproportionate risk for a skill and could inadvertently clobber user data. The script also reads filesystem paths (including private key files) which is expected but sensitive; no explicit environment variables or cloud credentials are requested by the skill itself.

ℹ Persistence & Privilege

The skill writes a persistent config file in the user's home directory and can persist per-project settings. It does not request 'always: true' or other elevated platform privileges. Persisting config to the user's home is reasonable for a CLI tool, but users should be aware of the persistent file location and that tests/scripts can modify it.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install wx-miniprogram-ci
After installation, invoke the skill by name or use /wx-miniprogram-ci
Provide required inputs per the skill's parameter spec and get structured output

Version History

v1.0.1

- Initial release of wx-miniprogram-ci skill, a cross-platform CLI tool for WeChat Mini Program CI automation. - Supports commands for environment initialization, configuration management, preview, code upload, npm build, cloud function upload, cloud storage upload, and source map retrieval. - Offers project multi-configuration, persistent config file, and environment variable support. - Provides detailed CLI usage instructions with comprehensive command and option documentation for Linux/macOS/Windows environments.

Metadata

Slug wx-miniprogram-ci

Version 1.0.1

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 1

Frequently Asked Questions

What is 微信小程序 CI 工具?

微信小程序 CI 工具技能。支持构建、预览、云函数、云存储等全部 miniprogram-ci 能力。使用 Node.js 开发，跨平台，可配置。 It is an AI Agent Skill for Claude Code / OpenClaw, with 108 downloads so far.

How do I install 微信小程序 CI 工具?

Run "/install wx-miniprogram-ci" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 微信小程序 CI 工具 free?

Yes, 微信小程序 CI 工具 is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does 微信小程序 CI 工具 support?

微信小程序 CI 工具 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 微信小程序 CI 工具?

It is built and maintained by Super 9° (@super9du); the current version is v1.0.1.

More Skills