← Back to Skills Marketplace
cyl2835

企业微信存档服务

by cyl2835 · GitHub ↗ · v1.0.0
cross-platform ⚠ suspicious
394
Downloads
0
Stars
2
Active Installs
1
Versions
Install in OpenClaw
/install wework-archive-service
Description
企业微信整合服务技能 - 包含普通回调和会话内容存档功能
Usage Guidance
Do NOT install into a production environment yet. Review and verify the Python code before enabling: 1) The main service file hardcodes CORP_ID, CORP_SECRET, callback tokens, AES keys, and sets CALLBACK_URL/ARCHIVE_CALLBACK_URL to https://ai.hexync.com — confirm whether that domain is trusted and why it is hardcoded. 2) Ensure the service actually reads your config/wework_config.json (it should) and remove any hardcoded secrets; move secrets to a secure config or env vars. 3) Search the code for any HTTP requests or forwards to external domains and audit network egress. 4) Generate and store RSA private keys securely (do not print them to stdout) and confirm the code loads them from a secure path. 5) Run the service in an isolated test network, rotate any exposed credentials, and consider a code provenance check / contact the author to explain the discrepancies. If you cannot verify why the external URL and hardcoded secrets exist, treat the skill as unsafe for production.
Capability Analysis
Type: OpenClaw Skill Name: wework-archive-service Version: 1.0.0 The skill bundle provides a functional service for archiving Enterprise WeChat (WeWork) communications, but it contains hardcoded sensitive credentials (CORP_ID, CORP_SECRET, and AES keys) within 'scripts/wework_combined_service.py'. While the documentation correctly instructs users to use a configuration file, the presence of these specific defaults is a significant security vulnerability that could lead to unauthorized access or data leakage if the service is deployed without modification. No evidence of intentional data exfiltration to non-official domains was found, and the core logic aligns with the stated purpose.
Capability Assessment
Purpose & Capability
The README/SKILL.md describe a configurable enterprise WeChat archive service that expects tokens/config in config/wework_config.json, but the main service file embeds CORP_ID, CORP_SECRET, CALLBACK tokens and fixed callback URLs. Hardcoded enterprise credentials and an external callback domain (https://ai.hexync.com/...) are not justified by the stated purpose and conflict with the declared configuration flow.
Instruction Scope
SKILL.md instructs you to configure local config files, Cloudflare Tunnel, and to host callbacks on your own domain. The service file, however, defines internal routes and uses hardcoded tokens and external callback URLs; this mismatch means runtime behavior may not follow the documented deployment/configuration steps and could forward or relay data to an unexpected remote endpoint.
Install Mechanism
No download/install spec is present beyond standard Python dependencies (pip3 install flask pycryptodome requests). No remote archive fetches or opaque installers are included; installation risk is typical for a Python script package.
Credentials
Registry metadata declares no required env vars or credentials, yet the code contains embedded sensitive credentials (corp secret, tokens, AES keys) and a fixed external domain. The skill asks users to generate RSA keys and save private_key.pem, but the code does not appear to read the documented config file (instead using hardcoded values), which is disproportionate and suspicious.
Persistence & Privilege
Metadata shows no 'always: true' or other elevated persistence. The skill is user-invocable and can run as a service (start/stop scripts), which is expected for this type of integration; autonomous invocation default is not, by itself, a new concern here.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wework-archive-service
  3. After installation, invoke the skill by name or use /wework-archive-service
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
初始版本,包含企业微信普通回调、会话内容存档、线程安全存储、数据查询接口、Cloudflare Tunnel完整配置指引、全流程部署文档
Metadata
Slug wework-archive-service
Version 1.0.0
License
All-time Installs 2
Active Installs 2
Total Versions 1
Frequently Asked Questions

What is 企业微信存档服务?

企业微信整合服务技能 - 包含普通回调和会话内容存档功能. It is an AI Agent Skill for Claude Code / OpenClaw, with 394 downloads so far.

How do I install 企业微信存档服务?

Run "/install wework-archive-service" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is 企业微信存档服务 free?

Yes, 企业微信存档服务 is completely free (open-source). You can download, install and use it at no cost.

Which platforms does 企业微信存档服务 support?

企业微信存档服务 is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created 企业微信存档服务?

It is built and maintained by cyl2835 (@cyl2835); the current version is v1.0.0.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments