← Back to Skills Marketplace
152
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install weixin-send-media
Description
微信发图片/文件技能 - 解决 contextToken 持久化问题
Usage Guidance
This skill does what it claims — enabling CLI/scripted Weixin media sends by persisting context tokens — but it patches OpenClaw's weixin gateway code and writes sensitive tokens to disk in plain JSON. Before installing: (1) inspect the actual patch file (patches/inbound.ts.patch) line-by-line to ensure no unexpected behavior, (2) back up ~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts (the installer does this, but verify the backup), (3) consider running the install in a disposable environment (VM/container) first, (4) if you accept installation, restrict token files (chmod 600) and consider adding encryption-at-rest or a more secure storage mechanism, (5) review export-context-token.js to avoid accidentally printing full tokens to logs or stdout, and (6) only install if you trust the author/repository — otherwise prefer an alternative solution that doesn't require patching core files. If you want higher confidence, provide the exact inbound.ts.patch content for a focused audit.
Capability Analysis
Type: OpenClaw Skill
Name: weixin-send-media
Version: 1.1.0
The skill modifies OpenClaw core extension files (~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts) via a patch to persist WeChat contextTokens to the local filesystem (~/.openclaw/openclaw-weixin/context-tokens/). While the documentation in SKILL.md and the logic in install.sh are transparent and aligned with the stated purpose of enabling CLI-based media sending, the practice of patching core system files and storing session tokens on disk represents a high-risk capability that could be leveraged for unauthorized access or system instability.
Capability Assessment
Purpose & Capability
Name/description match the implementation: the scripts and patch add disk persistence for contextToken so CLI and scripts can send media. The files, CLI examples, and install script all align with the stated goal.
Instruction Scope
Runtime instructions explicitly tell the installer to apply a patch to ~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts (a core gateway extension). Modifying core extension code is outside an ordinary skill's isolated scope and increases risk — the skill's own documentation admits it must patch internal functions.
Install Mechanism
No remote downloads or obscure URLs; installation uses a local install.sh that runs patch and creates directories. Using patch to change a core file is intrusive but the mechanism itself is transparent (patch file included in package).
Credentials
No external credentials are requested, which is appropriate, but the skill persists context tokens (sensitive authorization tokens) as plain JSON under ~/.openclaw/openclaw-weixin/context-tokens/. While scripts recommend chmod 600 and install.sh sets the dir to 700, tokens remain unencrypted and an export command can print full token to stdout — that increases the risk of local token exposure or accidental exfiltration.
Persistence & Privilege
The skill modifies another component's source file (the openclaw-weixin gateway extension). This is a system-wide change beyond the skill's own directory and should be treated as elevated privilege; although a backup-and-restore path is provided, altering core behavior is significant and deserves review.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install weixin-send-media - After installation, invoke the skill by name or use
/weixin-send-media - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
**Version 1.1.0 – 安全增强与脚本支持**
- 新增 CHANGELOG.md、脚本(send-image.js, send-file.js, export-context-token.js)、API 参考文档和测试用例
- 完善安全说明,新增专节说明补丁方式和本地 token 文件保护建议
- 新增封装脚本,支持一行命令发送图片或文件
- README/文档全面完善,补充故障排查、FAQ、可用命令及典型用例
- 安装流程支持 install.sh 自动化;不再包含原 ClawHub 发布相关文件
- 强化 contextToken 持久化设计说明,强调本地安全和误报风险
v1.0.0
Initial release with contextToken persistence for media messages in WeChat.
- Implements disk persistence for contextToken, enabling media message sending via CLI/scripts and surviving gateway restarts.
- Supports CLI and script-based sending of images, files, and network images through the openclaw-weixin channel.
- Provides patching instructions for integrating contextToken storage and fallback.
- Adds clear error messages and troubleshooting steps for common issues.
- Includes sample workflows and usage documentation for frequent scenarios.
Metadata
Frequently Asked Questions
What is Weixin Send Media?
微信发图片/文件技能 - 解决 contextToken 持久化问题. It is an AI Agent Skill for Claude Code / OpenClaw, with 152 downloads so far.
How do I install Weixin Send Media?
Run "/install weixin-send-media" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Weixin Send Media free?
Yes, Weixin Send Media is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Weixin Send Media support?
Weixin Send Media is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Weixin Send Media?
It is built and maintained by linzmin (@linzmin); the current version is v1.1.0.
More Skills