Weixin Connect
by EaseLearnAI · v1.0.0 · MIT-0
1162 Downloads · 0 Stars · 5 Active Installs · 1 Version
Install in OpenClaw
/install weixin-connect
Description
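Connects a personal WeChat account (not enterprise WeChat). Use this skill when the user says "connect personal WeChat", "integrate personal WeChat", "bind personal WeChat", or "personal WeChat QR scan". Note: if the user says "enterprise WeChat" or "WeCom", this skill does not apply; use the wecom-connect skill instead. Once this skill is matched, the flow must be followed strictly to the end, with no skipped steps or improvisation.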
Usage Guidance
This skill appears to legitimately implement a personal WeChat connect flow, but exercise caution before running it:
(1) Inspect the npm package @tencent-weixin/openclaw-weixin-cli (source repo, publisher, recent releases) before npx executes it; npx runs remote code.
(2) Ask where upload_to_cdn uploads images (which CDN, what account, privacy policy); the SKILL.md forces use of a CDN and forbids alternatives, so QR images (which grant login) could be exposed externally.
(3) Be aware the skill will write bot tokens to ~/.openclaw/openclaw-weixin/*.json and restart the gateway; ensure you trust the destination path and back up anything important.
(4) If you cannot verify the npm package or the CDN, do not run the instructions; request the skill author to provide source code, a trusted install URL (GitHub release), or an option to use a local-only upload method.
(5) Prefer testing in an isolated environment (VM or throwaway account) and validate the installed package contents before allowing it to run in your main account.
Capability Analysis
Type: OpenClaw Skill
Name: weixin-connect
Version: 1.0.0
The skill 'weixin-connect' facilitates connecting a personal WeChat account via Tencent's iLink service but contains significant command injection vulnerabilities. In SKILL.md, the instructions direct the agent to fetch data from a remote API (ilinkai.weixin.qq.com) and inject it directly into shell commands and JavaScript files using 'sed' and 'node -e' without any input sanitization. This pattern (specifically in Step 2 and Step 4b) allows for potential code execution if the API response contains malicious characters. While the workflow appears legitimate, the unsafe handling of external data in shell execution poses a high risk.
Capability Assessment
Purpose & Capability
Name/description (connect personal WeChat) align with the actual actions: call ilink API for QR code, generate PNG, persist credentials under ~/.openclaw/openclaw-weixin, and restart the OpenClaw gateway. Installing an OpenClaw Weixin plugin and writing bot tokens to the OpenClaw account directory are coherent with the stated purpose.
Instruction Scope
The SKILL.md prescribes exact shell commands including remote API calls, npm/node usage, writing credential files, and restarting the gateway — all within the scope of connecting WeChat. However it mandates using an upload_to_cdn step (no alternative allowed) and explicitly forbids exposing the raw qrcode URL or using other upload methods. That enforced CDN upload plus the lack of detail about what 'upload_to_cdn' does is a potential exfiltration vector. The doc also forbids reading other docs and forbids deviations, which reduces transparency and auditability.
Install Mechanism
The skill is instruction-only (no packaged install), but the runtime instructions call npx to install @tencent-weixin/openclaw-weixin-cli and run npm installs in /tmp and node scripts. npx/npm will fetch and execute remote code at runtime (moderate risk). There is no pinned registry URL or checksum, and upload_to_cdn is an opaque action — the mechanism relies on external packages and unspecified upload behavior.
Credentials
The skill does not request unrelated environment variables or secrets. It does persist ilink_bot_id/bot_token/baseurl/ilink_user_id into files under the user's home directory, which is necessary for operation but means credentials will exist on disk; this is proportionate to the purpose but worth noting.
Persistence & Privilege
The skill does not request 'always' or other elevated policy flags. It writes credential files under ~/.openclaw/openclaw-weixin and restarts the OpenClaw gateway (openclaw gateway restart), which is a privileged action affecting the local agent runtime — appropriate for activation but something the user should consent to and audit.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install weixin-connect
- After installation, invoke the skill by name or use /weixin-connect
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.0
Initial publish
Frequently Asked Questions
What is Weixin Connect?
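Connects a personal WeChat account (not enterprise WeChat). Use this skill when the user says "connect personal WeChat", "integrate personal WeChat", "bind personal WeChat", or "personal WeChat QR scan". Note: if the user says "enterprise WeChat" or "WeCom", this skill does not apply; use the wecom-connect skill instead. Once this skill is matched, the flow must be followed strictly to the end, with no skipped steps or improvisation. It is an AI Agent Skill for Claude Code / OpenClaw, with 1162 downloads so far.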
How do I install Weixin Connect?
Run "/install weixin-connect" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Weixin Connect free?
Yes, Weixin Connect is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Weixin Connect support?
Weixin Connect is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created Weixin Connect?
It is built and maintained by EaseLearnAI (@easelearnai); the current version is v1.0.0.