← Back to Skills Marketplace
82
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install wechat-miniprogram-toolkit
Description
微信小程序全栈开发 skill,支持项目初始化、云开发(数据库/存储/云函数/聚合查询/事务)、用户登录鉴权、微信支付(JSAPI/统一下单/支付通知/退款)、直播/实时音视频(TRTC)、数据分析/埋点、分享海报/朋友圈分享、TypeScript 泛型封装、云托管(容器化后端)、客服消息、订阅消息、客服自动回复...
Usage Guidance
This skill appears to be exactly a WeChat Mini Program developer toolkit and is coherent with its descriptions. Before installing or running it:
- Inspect scripts/analyze_subpackages.py (and any other included scripts) to confirm they only read project files and do not call unexpected remote endpoints or read system secrets.
- When you configure CI/CD, store AppID/AppSecret/private keys in your CI secret manager (GitHub Secrets) and avoid printing secrets or committing private keys. Be careful with steps that echo secrets into files—ensure those files are not uploaded as build artifacts or leaked to logs.
- Review any generated cloud function/analytics code that sends openid or other identifiers to third‑party endpoints; that is normal for analytics but has privacy implications.
- If you are uncomfortable with autonomous code execution by the agent, disable automatic invocation or review and approve any actions before they run.
Overall the package is coherent and appropriate for its domain, but standard operational hygiene around credentials and privacy should be followed.
Capability Analysis
Type: OpenClaw Skill
Name: wechat-miniprogram-toolkit
Version: 1.0.0
The bundle is a comprehensive WeChat Mini Program development toolkit, but it is classified as suspicious due to high-risk instructions in SKILL.md. It directs the AI agent to perform automated software installations (e.g., SkillHub, miniprogram-ci) and implements a 'self-evolution' mechanism that allows the agent to modify its own reference files (references/error-log.md) based on user feedback. This creates a significant surface for persistent prompt injection where a user could trick the agent into 'learning' and later executing malicious instructions. The Python script scripts/analyze_subpackages.py is functional and performs local file analysis without evidence of malicious intent.
Capability Tags
Capability Assessment
Purpose & Capability
The name/description (WeChat mini program full-stack toolkit) matches the provided SKILL.md and reference documents (auth, cloud-dev, ci-cd, payment, etc.). The only code file is a subpackage analysis Python script which is directly relevant to the described 'analyze subpackages' capability. No unrelated binaries or environment variables are required by the skill itself.
Instruction Scope
Runtime instructions are focused on project init, running the included scripts (scripts/analyze_subpackages.py), and generating CI/CD configs. Reference docs include examples that call cloud functions and report analytics (wx.cloud.callFunction, wx.reportEvent) and CI/CD examples that require AppSecret/private key secrets in GitHub Actions. Those examples are expected for this domain but grant the skill authority to (a) read project files it is asked to analyze and (b) produce CI/CD configs that reference or consume secrets. You should review scripts/analyze_subpackages.py before running it in your workspace, and review any generated CI workflow before enabling it.
Install Mechanism
No install spec — instruction-only plus a small Python script. This is low risk compared to download/install flows. Optional tooling (miniprogram-ci, Node, Python) are described as project dependencies or CI runner tools and are reasonable for the stated features.
Credentials
The skill itself declares no required environment variables or credentials. Reference docs and CI/CD examples legitimately describe using WEAPP_APPID/WEAPP_APP_SECRET/WEAPP_PRIVATE_KEY, WEIXIN_MCH_KEY, DATABASE_URL, etc., which are appropriate for building/publishing and payment backends. Two practical cautions: (1) the CI examples show writing secrets into files (echoing secrets into private.weapp.key) — this is common but can be mishandled (leaked into logs or artifacts) if not done carefully; (2) analytics/track examples call cloud functions and include openid or stored user identifiers — this is expected for analytics but is a privacy surface you should control. None of these are unexplained, but they are sensitive and deserve careful handling.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. disable-model-invocation is false (normal). There is no attempt to modify other skills or global agent settings in the provided materials.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install wechat-miniprogram-toolkit - After installation, invoke the skill by name or use
/wechat-miniprogram-toolkit - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
wechat-miniprogram-toolkit v1.6.0
- 增加对新版微信小程序全栈开发的完整支持,覆盖云开发、支付、直播、数据分析、类型封装等全链路能力。
- 提供项目初始化、自动分包分析、CI/CD 自动化、分包优化等工程化工具指引。
- 全面梳理必读文档和按需能力模块,支持微信云托管、内容安全、硬件接口等高级特性。
- 优化依赖管理说明,明确开发环境准备与必需工具。
- 补充错误处理和能力清单,便于问题定位和完整能力查询。
Metadata
Frequently Asked Questions
What is Wechat Miniprogram Toolkit?
微信小程序全栈开发 skill,支持项目初始化、云开发(数据库/存储/云函数/聚合查询/事务)、用户登录鉴权、微信支付(JSAPI/统一下单/支付通知/退款)、直播/实时音视频(TRTC)、数据分析/埋点、分享海报/朋友圈分享、TypeScript 泛型封装、云托管(容器化后端)、客服消息、订阅消息、客服自动回复... It is an AI Agent Skill for Claude Code / OpenClaw, with 82 downloads so far.
How do I install Wechat Miniprogram Toolkit?
Run "/install wechat-miniprogram-toolkit" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Wechat Miniprogram Toolkit free?
Yes, Wechat Miniprogram Toolkit is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Wechat Miniprogram Toolkit support?
Wechat Miniprogram Toolkit is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Wechat Miniprogram Toolkit?
It is built and maintained by SQLSkills (@sqlskills); the current version is v1.0.0.
More Skills