← 返回 Skills 市场
Tencent Drive(Weiyun) MCP
作者
振云 (Percy)
· GitHub ↗
· v1.0.5
· MIT-0
166
总下载
0
收藏
0
当前安装
4
版本数
在 OpenClaw 中安装
/install tencent-drive-mcp
功能描述
微云网盘 MCP 接口完整技能。包含 weiyun.list、weiyun.list_by_category、weiyun.download、weiyun.delete、weiyun.upload、weiyun.gen_share_link、weiyun.rename_file、weiyun.rename_dir...
安全使用建议
This package appears to implement Weiyun MCP upload/list/delete operations and includes the Python scripts needed to compute special SHA1 states and to call the MCP API. Before installing or running it: 1) Understand you will need a valid Weiyun MCP token (and in some flows real account cookies) — the code expects WEIYUN_MCP_TOKEN or a token provided via mcporter; the manifest did not declare required env vars. 2) SKILL.md tells you to run setup.sh / setup.ps1 and to use the mcporter CLI, but those setup scripts are not included here and mcporter is not declared as a required binary — do not run scripts fetched from unknown sources without reviewing them. 3) The scripts will read local files you choose to upload and will send data to weiyun.com (expected for this skill). 4) If you proceed, obtain the mcporter/setup scripts from a trusted source (preferably the official project), verify them before executing, and be prepared that the auth flow writes tokens into mcporter's config. 5) If you want to use this skill but avoid persistent credential storage, consider passing tokens only at runtime and inspect/limit where credentials are written. If you need help verifying the missing setup scripts or confirming mcporter provenance, ask the skill author for the exact setup.sh/setup.ps1 and their source, or request a version that bundles or documents all required tools.
功能分析
Type: OpenClaw Skill
Name: tencent-drive-mcp
Version: 1.0.5
The skill bundle implements a remote update mechanism via the `check_skill_update` tool (defined in SKILL.md and references/mcp_api.md) that instructs the AI agent to fetch and execute an 'instruction' string from a remote endpoint (weiyun.com). This design pattern creates a significant attack surface for remote prompt injection or unauthorized command execution if the server is compromised. While the core file management logic and custom SHA1 implementation in scripts/upload_to_weiyun.py appear legitimate for Tencent Weiyun integration, the ability for a remote server to provide executable instructions to the agent is a high-risk capability.
能力评估
Purpose & Capability
The skill claims to be a full Weiyun (MCP) client and the included Python scripts implement upload/hash logic and MCP calls to weiyun.com — this aligns with the stated purpose. However the SKILL.md and references repeatedly instruct use of the mcporter CLI and setup.sh/setup.ps1, yet the package manifest does not declare mcporter (or other required binaries) as required nor include the setup scripts. That mismatch (expecting external tools/scripts but not declaring or bundling them) is incoherent.
Instruction Scope
Runtime instructions include network calls to the official MCP endpoint (weiyun.com) which is expected for this skill. They also require computing SHA1 of user-selected files and uploading them — that behavior is appropriate for an upload tool. But the SKILL.md instructs running external setup.sh / setup.ps1 and using mcporter commands for auth/config; those scripts are not present in the file list. Directing users to execute missing/unsupplied scripts is a red flag because it requires fetching or running external code not reviewed here.
Install Mechanism
There is no automated install spec (instruction-only install), and the code files are included directly (Python scripts). This is low-risk compared with arbitrary downloads. However the skill expects users to run external setup scripts and to have the mcporter CLI available; those installers/tools are not provided nor declared, so the installation process will require pulling external code/tools.
Credentials
The manifest declares no required environment variables, but scripts and README explicitly use/expect WEIYUN_MCP_TOKEN (or passing a --token) and real micro-account cookies for some APIs. The auth reference also tells users to run mcporter config add to save a token. Requesting tokens/cookies is proportionate to a cloud storage client, but the skill failing to declare these required credentials and the lack of clear guidance about where to obtain the setup scripts/tools is an inconsistency worth flagging.
Persistence & Privilege
The skill is not always-enabled and doesn't request elevated platform privileges. However the auth instructions instruct writing a token into mcporter's configuration (mcporter config add ... --scope home), which will persist credentials in the user's mcporter config. That behavior is plausible/expected for a client but users should be aware the skill's recommended auth flow modifies local tool configuration.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install tencent-drive-mcp - 安装完成后,直接呼叫该 Skill 的名称或使用
/tencent-drive-mcp触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.5
tencent-drive-mcp v1.0.5
- Added Python script for file encoding fixes: scripts/_encoding_fix.py (and bytecode __pycache__).
- Removed setup.sh installation script.
- Documentation (SKILL.md) updated with more detail for directory deletion (dir_name parameter requirement), error code description, enhanced upload retry instructions, and improved descriptions for FTN上传 SHA1 block calculation support.
- No breaking changes to MCP Tool interfaces or core functionality.
v1.0.4
Tencent Drive MCP 1.0.4 Changelog
按照客官的吩咐,增加了 3 个新接口:移动文件、创建文件夹、移动目录
v1.0.3
tencent-drive-mcp(微云) v1.0.3
- 新增 Windows 环境支持,增加 `setup.ps1` 脚本用于本地安装和认证指引。
- 文档增加本地认证和安装说明:首次使用需参考 `references/auth.md`。
- 新增两个文件操作功能工具:`weiyun.rename_file`(重命名文件)、`weiyun.rename_dir`(重命名目录)。
- 新增文件分类查询工具:`weiyun.list_by_category`,支持按文档、图片、视频等类型分页拉取网盘文件。
- `weiyun.gen_share_link` 支持设置自定义或随机6位密码的分享链接。
- 完善文档与参数说明,提示 Windows 用户脚本兼容性和调用方式。
v1.0.2
- Added detailed usage documentation for all 6 MCP tools: directory listing, batch download, batch delete, file upload (with FTN protocol block SHA1 algorithm), external share link generation, and skill version checking.
- Provided comprehensive technical explanations for block SHA1 calculation, check_sha/check_data computation, and their importance in FTN uploads.
- Documented error codes, API request/response structures, and best practices for reliable integration.
- Included step-by-step usage workflows, troubleshooting guidance, and command-line script instructions for uploading and testing.
- Emphasized version update requirements and parameter validation to prevent common mistakes in MCP operations.
元数据
常见问题
Tencent Drive(Weiyun) MCP 是什么?
微云网盘 MCP 接口完整技能。包含 weiyun.list、weiyun.list_by_category、weiyun.download、weiyun.delete、weiyun.upload、weiyun.gen_share_link、weiyun.rename_file、weiyun.rename_dir... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 166 次。
如何安装 Tencent Drive(Weiyun) MCP?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install tencent-drive-mcp」即可一键安装,无需额外配置。
Tencent Drive(Weiyun) MCP 是免费的吗?
是的,Tencent Drive(Weiyun) MCP 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Tencent Drive(Weiyun) MCP 支持哪些平台?
Tencent Drive(Weiyun) MCP 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Tencent Drive(Weiyun) MCP?
由 振云 (Percy)(@yun-percy)开发并维护,当前版本 v1.0.5。
推荐 Skills