← Back to Skills Marketplace
36
Downloads
0
Stars
0
Active Installs
1
Versions
Install in OpenClaw
/install huo15-wecom
Description
火一五·企业微信(WeCom)OpenClaw 插件 v2.8.8 — 默认走 Bot WebSocket(响应快、配置简单),自带加密媒体解密 / Agent 主动发消息 / 微信客服三通道接入 / 多账号切换。v2.8.8 修了 WS BOT 三个图片相关缺陷:reply 用错 SDK 通道(sendMedi...
README (SKILL.md)
火一五企业微信插件
@huo15/wecom 是 OpenClaw 的企业微信通道插件,fork 自 yanhaidao/wecom 并持续合并上游。默认 Bot WebSocket 模式,配置简单、响应快;同时支持 Agent 自建应用主动推送和微信客服三方通道。
三条消息通道
| 通道 | 用途 | 配置入口 |
|---|---|---|
| Bot WebSocket | 默认推荐,企业微信"智能机器人"WS 协议,免公网回调 | channels.wecom.accounts.\x3Cid>.bot.ws |
| Agent 自建应用 | 走企微官方 API(CorpId/AgentId/Secret),支持主动推送给指定用户/群 | channels.wecom.accounts.\x3Cid>.agent |
| 微信客服 | 接管"客服会话",外部客户在微信/视频号里发给客服账号的消息 | channels.wecom.accounts.\x3Cid>.kefu |
三条通道可以单独启用或组合启用,多账号场景每个账号独立配置。
安装
# OpenClaw 内置安装(推荐)
openclaw plugins install @huo15/wecom
# 或者直接 npm
npm install @huo15/wecom
最小配置(Bot WS 模式)
# ~/.openclaw/openclaw.json 中
channels:
wecom:
enabled: true
accounts:
default:
bot:
ws:
botId: "你的智能机器人 ID"
secret: "WS 密钥"
启动后,Bot 收到的消息会自动路由到默认 Agent,回复也通过 WS 直接送回 — 不需要部署任何回调 endpoint。
关键能力
- 加密媒体解密:图片/文件/语音 AES-256-CBC 解密直接拿 buffer,可让 Agent 直接读取(OCR / ASR / 文档解析)
- Markdown V2:支持企微富文本(标题、表格、代码块、链接、引用),自动适配 chat 上下文
- 图片回复:
自动抽离 + uploadMedia + replyMedia,COS/OSS 预签名 URL 失败时降级为占位文本(不让"链接已过期"漏到客户端) - 多账号切换:单实例支持多个企业、多个智能体并存,按 conversation 路由
- 流式回复:placeholder + partial replyStream(最多 8 次中间更新)+ ack timeout watchdog 自动重连
v2.8.8 关键修复(WS BOT 图片)
- Reply 通道纠错:reply 上下文从
sendMediaMessage(主动推送)改用replyMedia(被动回复,绑定 reqId) - 入向多图:
mixed与quote.mixed类型从只取首张改为全部提取;首张挂ctx.MediaPath,其余落盘 + info 日志 - Outbound fetch UA:从裸
fetch切到 plugin-sdkfetchRemoteMedia,显式带 desktop User-Agent,避免部分 Tencent COS / 阿里 OSS bucket 拒绝 Node 默认 UA - 解析可观测性:媒体类型消息但无 attachments 时记 warn 日志(含 msgid + body keys),便于 SDK 字段漂移排查
安全实践
- LLM 输出的
touser/chatid经resolveWecomTargetsanitizer,拒绝@all/@everyone/*等广播字面量(v2.8.1 SECURITY 修复) - 跨企业上下游消息走 upstream-delivery 通道,不与本企业 Agent API 混用
- 微信客服
corpSecret可与 AgentcorpSecret独立配置,权限隔离
不变的设计原则
- Bot WS 优先:能用 WS 就不用 Agent API(少配置、低延迟)
- 失败降级:WS reply ack timeout 自动 fallback 到 Agent API(保留消息可达性),watchdog 连续 8 次后触发 WS 重连
- 不修改 OpenClaw 核心:所有功能通过 channel plugin SDK 注册
仓库
- 主仓库:https://cnb.cool/huo15/ai/huo15-wecom-plugin
- 镜像:https://github.com/zhaobod1/huo15-wecom-plugin
- 上游 fork 源:https://github.com/yanhaidao/wecom(仅 fetch,不 push)
License
ISC(继承自 yanhaidao/wecom 上游)。
Usage Guidance
What to consider before installing:
- The plugin codebase (many TypeScript files, package.json, tests, changelogs) matches the claimed functionality, but the registry metadata incorrectly labels it 'instruction-only' and lists no install spec or config paths — confirm the canonical install source (npm package name and publisher) and whether OpenClaw will build/run the included code or just the registry pointer.
- SKILL.md and README instruct you to put sensitive WeCom credentials (corpId/agentSecret, Bot WS secret, etc.) into your OpenClaw configuration. Only provide those secrets after you verify the package origin (npm owner, GitHub repo, signed release) and review the source files that will be executed.
- A prompt-injection pattern (unicode-control-chars) was found in SKILL.md. Ask the maintainer to explain or remove any hidden/zero-width characters before trusting the docs/evaluation results.
- Recommended precautions:
- Install into an isolated/staging OpenClaw instance first, not production.
- Verify package integrity: check npm publisher, compare contents with the GitHub mirror (https://github.com/zhaobod1/huo15-wecom-plugin) and upstream (yanhaidao/wecom). Prefer installing from an official registry mirror you trust.
- Review package.json, build scripts and any postinstall hooks for network calls or shell execution before running.
- Limit plugin credentials to least privilege (e.g., separate corpSecret for kefu vs agent as documented), and rotate secrets if you test the plugin.
- Monitor outbound network activity and application logs after deployment; test sending and receiving in non-sensitive accounts first.
What would raise confidence: explicit install spec in registry metadata referencing a well-known registry/release (npm org or GitHub release), a signed release or reproducible build, the maintainer's verified identity, and removal/explanation of the unicode-control characters found in SKILL.md.
Capability Analysis
Type: OpenClaw Skill
Name: huo15-wecom
Version: 2.8.8
The plugin implements a high-risk 'local path delivery' feature in src/capability/bot/local-path-delivery.ts that allows the AI agent to read and exfiltrate files from sensitive system directories (including /root, /home, and /Users) if a 'send intent' is detected in the user's message. This logic relies on a broad regex and heuristic intent check while bypassing the path-restriction checks (assertLocalMediaAllowed) used elsewhere in the bundle, creating a significant path traversal and data exfiltration vulnerability. Additionally, the MCP transport in src/capability/mcp/transport.ts fetches configuration URLs from the remote WeCom server, which could be exploited for SSRF attacks.
Capability Tags
Capability Assessment
Purpose & Capability
The name, description, README and the large TypeScript codebase are coherent: this is an OpenClaw WeCom channel plugin providing Bot WS / Agent / Kefu paths, media decryption, document/calendar tools, and upstream (cross-corp) support. However the registry metadata claims 'No install spec' / 'instruction-only' and 'no required env vars' while the SKILL.md and README clearly instruct users to install the npm package and to add WeCom credentials into ~/.openclaw/openclaw.json (CorpId/AgentSecret/etc). That mismatch between declared metadata and actual package content/config needs clarification.
Instruction Scope
SKILL.md instructs installation via 'openclaw plugins install @huo15/wecom' or 'npm install @huo15/wecom' and shows explicit configuration examples that require provisioning sensitive WeCom credentials into OpenClaw config files. SKILL.md references a local config path (~/.openclaw/openclaw.json) but registry metadata lists no required config paths. Pre-scan found 'unicode-control-chars' in SKILL.md (prompt-injection pattern). The instructions do not instruct arbitrary file reads, but the mismatch about required config location and the presence of injection-character patterns are concerning and should be resolved before trusting the plugin.
Install Mechanism
There is no registry install spec included in the metadata even though the package contains package.json and a full codebase (223 files, TypeScript sources, tests, changelog). The SKILL.md recommends installing via OpenClaw's plugin system or npm. Installing via npm is a standard mechanism; there are no evidence strings of remote arbitrary downloads in the provided files. Still, the registry entry's 'instruction-only' label despite bundled source is an inconsistency to confirm (where will the platform run/build the code and from which origin will users fetch it?).
Credentials
The registry declares no required environment variables; the plugin expects WeCom credentials to be configured in OpenClaw's channel config (openclaw.json) rather than as environment variables. The set of credentials and APIs the code uses (WeCom Agent/Corp APIs, corpgroup upstream token flow) is proportional to the plugin's stated purpose. No unrelated cloud credentials or broad environment secrets are requested by the package metadata.
Persistence & Privilege
The skill does not request 'always: true' and uses normal autonomous invocation defaults. Because it is a messaging channel plugin that can send messages and access enterprise data, it inherently can exfiltrate information if misused. This is expected for a channel plugin, but combined with the metadata vs. code inconsistencies and prompt-injection signal it raises additional reason to review source and run in a restricted environment first.
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat:
/install huo15-wecom - After installation, invoke the skill by name or use
/huo15-wecom - Provide required inputs per the skill's parameter spec and get structured output
Version History
v2.8.8
v2.8.8 focuses on critical bug fixes for image handling in Bot WebSocket mode:
- Fixed reply channel: now uses replyMedia (instead of sendMediaMessage) to ensure correct context and reqId binding.
- Improved multi-image extraction: mixed and quote.mixed messages now extract all images, logging additional images for visibility.
- Enhanced outbound media fetch: now applies a desktop User-Agent to avoid COS/OSS 403 errors.
- Added warn logs for media messages with missing attachments to aid troubleshooting.
Metadata
Frequently Asked Questions
What is Huo15 Wecom Plugin?
火一五·企业微信(WeCom)OpenClaw 插件 v2.8.8 — 默认走 Bot WebSocket(响应快、配置简单),自带加密媒体解密 / Agent 主动发消息 / 微信客服三通道接入 / 多账号切换。v2.8.8 修了 WS BOT 三个图片相关缺陷:reply 用错 SDK 通道(sendMedi... It is an AI Agent Skill for Claude Code / OpenClaw, with 36 downloads so far.
How do I install Huo15 Wecom Plugin?
Run "/install huo15-wecom" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is Huo15 Wecom Plugin free?
Yes, Huo15 Wecom Plugin is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does Huo15 Wecom Plugin support?
Huo15 Wecom Plugin is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).
Who created Huo15 Wecom Plugin?
It is built and maintained by Job Zhao (@zhaobod1); the current version is v2.8.8.
More Skills