← Back to Skills Marketplace
Tencent Drive(Weiyun) MCP
by
振云 (Percy)
· GitHub ↗
· v1.0.5
· MIT-0
166
Downloads
0
Stars
0
Active Installs
4
Versions
Install in OpenClaw
/install tencent-drive-mcp
Description
微云网盘 MCP 接口完整技能。包含 weiyun.list、weiyun.list_by_category、weiyun.download、weiyun.delete、weiyun.upload、weiyun.gen_share_link、weiyun.rename_file、weiyun.rename_dir...
Usage Guidance
This package appears to implement Weiyun MCP upload/list/delete operations and includes the Python scripts needed to compute special SHA1 states and to call the MCP API. Before installing or running it: 1) Understand you will need a valid Weiyun MCP token (and in some flows real account cookies) — the code expects WEIYUN_MCP_TOKEN or a token provided via mcporter; the manifest did not declare required env vars. 2) SKILL.md tells you to run setup.sh / setup.ps1 and to use the mcporter CLI, but those setup scripts are not included here and mcporter is not declared as a required binary — do not run scripts fetched from unknown sources without reviewing them. 3) The scripts will read local files you choose to upload and will send data to weiyun.com (expected for this skill). 4) If you proceed, obtain the mcporter/setup scripts from a trusted source (preferably the official project), verify them before executing, and be prepared that the auth flow writes tokens into mcporter's config. 5) If you want to use this skill but avoid persistent credential storage, consider passing tokens only at runtime and inspect/limit where credentials are written. If you need help verifying the missing setup scripts or confirming mcporter provenance, ask the skill author for the exact setup.sh/setup.ps1 and their source, or request a version that bundles or documents all required tools.
Capability Analysis
Type: OpenClaw Skill
Name: tencent-drive-mcp
Version: 1.0.5
The skill bundle implements a remote update mechanism via the `check_skill_update` tool (defined in SKILL.md and references/mcp_api.md) that instructs the AI agent to fetch and execute an 'instruction' string from a remote endpoint (weiyun.com). This design pattern creates a significant attack surface for remote prompt injection or unauthorized command execution if the server is compromised. While the core file management logic and custom SHA1 implementation in scripts/upload_to_weiyun.py appear legitimate for Tencent Weiyun integration, the ability for a remote server to provide executable instructions to the agent is a high-risk capability.
Capability Assessment
Purpose & Capability
The skill claims to be a full Weiyun (MCP) client and the included Python scripts implement upload/hash logic and MCP calls to weiyun.com — this aligns with the stated purpose. However the SKILL.md and references repeatedly instruct use of the mcporter CLI and setup.sh/setup.ps1, yet the package manifest does not declare mcporter (or other required binaries) as required nor include the setup scripts. That mismatch (expecting external tools/scripts but not declaring or bundling them) is incoherent.
Instruction Scope
Runtime instructions include network calls to the official MCP endpoint (weiyun.com) which is expected for this skill. They also require computing SHA1 of user-selected files and uploading them — that behavior is appropriate for an upload tool. But the SKILL.md instructs running external setup.sh / setup.ps1 and using mcporter commands for auth/config; those scripts are not present in the file list. Directing users to execute missing/unsupplied scripts is a red flag because it requires fetching or running external code not reviewed here.
Install Mechanism
There is no automated install spec (instruction-only install), and the code files are included directly (Python scripts). This is low-risk compared with arbitrary downloads. However the skill expects users to run external setup scripts and to have the mcporter CLI available; those installers/tools are not provided nor declared, so the installation process will require pulling external code/tools.
Credentials
The manifest declares no required environment variables, but scripts and README explicitly use/expect WEIYUN_MCP_TOKEN (or passing a --token) and real micro-account cookies for some APIs. The auth reference also tells users to run mcporter config add to save a token. Requesting tokens/cookies is proportionate to a cloud storage client, but the skill failing to declare these required credentials and the lack of clear guidance about where to obtain the setup scripts/tools is an inconsistency worth flagging.
Persistence & Privilege
The skill is not always-enabled and doesn't request elevated platform privileges. However the auth instructions instruct writing a token into mcporter's configuration (mcporter config add ... --scope home), which will persist credentials in the user's mcporter config. That behavior is plausible/expected for a client but users should be aware the skill's recommended auth flow modifies local tool configuration.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install tencent-drive-mcp - After installation, invoke the skill by name or use
/tencent-drive-mcp - Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.5
tencent-drive-mcp v1.0.5
- Added Python script for file encoding fixes: scripts/_encoding_fix.py (and bytecode __pycache__).
- Removed setup.sh installation script.
- Documentation (SKILL.md) updated with more detail for directory deletion (dir_name parameter requirement), error code description, enhanced upload retry instructions, and improved descriptions for FTN上传 SHA1 block calculation support.
- No breaking changes to MCP Tool interfaces or core functionality.
v1.0.4
Tencent Drive MCP 1.0.4 Changelog
按照客官的吩咐,增加了 3 个新接口:移动文件、创建文件夹、移动目录
v1.0.3
tencent-drive-mcp(微云) v1.0.3
- 新增 Windows 环境支持,增加 `setup.ps1` 脚本用于本地安装和认证指引。
- 文档增加本地认证和安装说明:首次使用需参考 `references/auth.md`。
- 新增两个文件操作功能工具:`weiyun.rename_file`(重命名文件)、`weiyun.rename_dir`(重命名目录)。
- 新增文件分类查询工具:`weiyun.list_by_category`,支持按文档、图片、视频等类型分页拉取网盘文件。
- `weiyun.gen_share_link` 支持设置自定义或随机6位密码的分享链接。
- 完善文档与参数说明,提示 Windows 用户脚本兼容性和调用方式。
v1.0.2
- Added detailed usage documentation for all 6 MCP tools: directory listing, batch download, batch delete, file upload (with FTN protocol block SHA1 algorithm), external share link generation, and skill version checking.
- Provided comprehensive technical explanations for block SHA1 calculation, check_sha/check_data computation, and their importance in FTN uploads.
- Documented error codes, API request/response structures, and best practices for reliable integration.
- Included step-by-step usage workflows, troubleshooting guidance, and command-line script instructions for uploading and testing.
- Emphasized version update requirements and parameter validation to prevent common mistakes in MCP operations.
Metadata
Frequently Asked Questions
What is Tencent Drive(Weiyun) MCP?
微云网盘 MCP 接口完整技能。包含 weiyun.list、weiyun.list_by_category、weiyun.download、weiyun.delete、weiyun.upload、weiyun.gen_share_link、weiyun.rename_file、weiyun.rename_dir... It is an AI Agent Skill for Claude Code / OpenClaw, with 166 downloads so far.
How do I install Tencent Drive(Weiyun) MCP?
Run "/install tencent-drive-mcp" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Tencent Drive(Weiyun) MCP free?
Yes, Tencent Drive(Weiyun) MCP is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Tencent Drive(Weiyun) MCP support?
Tencent Drive(Weiyun) MCP is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Tencent Drive(Weiyun) MCP?
It is built and maintained by 振云 (Percy) (@yun-percy); the current version is v1.0.5.
More Skills