← 返回 Skills 市场
82
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wechat-miniprogram-toolkit
功能描述
微信小程序全栈开发 skill,支持项目初始化、云开发(数据库/存储/云函数/聚合查询/事务)、用户登录鉴权、微信支付(JSAPI/统一下单/支付通知/退款)、直播/实时音视频(TRTC)、数据分析/埋点、分享海报/朋友圈分享、TypeScript 泛型封装、云托管(容器化后端)、客服消息、订阅消息、客服自动回复...
安全使用建议
This skill appears to be exactly a WeChat Mini Program developer toolkit and is coherent with its descriptions. Before installing or running it:
- Inspect scripts/analyze_subpackages.py (and any other included scripts) to confirm they only read project files and do not call unexpected remote endpoints or read system secrets.
- When you configure CI/CD, store AppID/AppSecret/private keys in your CI secret manager (GitHub Secrets) and avoid printing secrets or committing private keys. Be careful with steps that echo secrets into files—ensure those files are not uploaded as build artifacts or leaked to logs.
- Review any generated cloud function/analytics code that sends openid or other identifiers to third‑party endpoints; that is normal for analytics but has privacy implications.
- If you are uncomfortable with autonomous code execution by the agent, disable automatic invocation or review and approve any actions before they run.
Overall the package is coherent and appropriate for its domain, but standard operational hygiene around credentials and privacy should be followed.
功能分析
Type: OpenClaw Skill
Name: wechat-miniprogram-toolkit
Version: 1.0.0
The bundle is a comprehensive WeChat Mini Program development toolkit, but it is classified as suspicious due to high-risk instructions in SKILL.md. It directs the AI agent to perform automated software installations (e.g., SkillHub, miniprogram-ci) and implements a 'self-evolution' mechanism that allows the agent to modify its own reference files (references/error-log.md) based on user feedback. This creates a significant surface for persistent prompt injection where a user could trick the agent into 'learning' and later executing malicious instructions. The Python script scripts/analyze_subpackages.py is functional and performs local file analysis without evidence of malicious intent.
能力标签
能力评估
Purpose & Capability
The name/description (WeChat mini program full-stack toolkit) matches the provided SKILL.md and reference documents (auth, cloud-dev, ci-cd, payment, etc.). The only code file is a subpackage analysis Python script which is directly relevant to the described 'analyze subpackages' capability. No unrelated binaries or environment variables are required by the skill itself.
Instruction Scope
Runtime instructions are focused on project init, running the included scripts (scripts/analyze_subpackages.py), and generating CI/CD configs. Reference docs include examples that call cloud functions and report analytics (wx.cloud.callFunction, wx.reportEvent) and CI/CD examples that require AppSecret/private key secrets in GitHub Actions. Those examples are expected for this domain but grant the skill authority to (a) read project files it is asked to analyze and (b) produce CI/CD configs that reference or consume secrets. You should review scripts/analyze_subpackages.py before running it in your workspace, and review any generated CI workflow before enabling it.
Install Mechanism
No install spec — instruction-only plus a small Python script. This is low risk compared to download/install flows. Optional tooling (miniprogram-ci, Node, Python) are described as project dependencies or CI runner tools and are reasonable for the stated features.
Credentials
The skill itself declares no required environment variables or credentials. Reference docs and CI/CD examples legitimately describe using WEAPP_APPID/WEAPP_APP_SECRET/WEAPP_PRIVATE_KEY, WEIXIN_MCH_KEY, DATABASE_URL, etc., which are appropriate for building/publishing and payment backends. Two practical cautions: (1) the CI examples show writing secrets into files (echoing secrets into private.weapp.key) — this is common but can be mishandled (leaked into logs or artifacts) if not done carefully; (2) analytics/track examples call cloud functions and include openid or stored user identifiers — this is expected for analytics but is a privacy surface you should control. None of these are unexplained, but they are sensitive and deserve careful handling.
Persistence & Privilege
always is false and the skill does not request persistent system-wide privileges. disable-model-invocation is false (normal). There is no attempt to modify other skills or global agent settings in the provided materials.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wechat-miniprogram-toolkit - 安装完成后,直接呼叫该 Skill 的名称或使用
/wechat-miniprogram-toolkit触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
wechat-miniprogram-toolkit v1.6.0
- 增加对新版微信小程序全栈开发的完整支持,覆盖云开发、支付、直播、数据分析、类型封装等全链路能力。
- 提供项目初始化、自动分包分析、CI/CD 自动化、分包优化等工程化工具指引。
- 全面梳理必读文档和按需能力模块,支持微信云托管、内容安全、硬件接口等高级特性。
- 优化依赖管理说明,明确开发环境准备与必需工具。
- 补充错误处理和能力清单,便于问题定位和完整能力查询。
元数据
常见问题
Wechat Miniprogram Toolkit 是什么?
微信小程序全栈开发 skill,支持项目初始化、云开发(数据库/存储/云函数/聚合查询/事务)、用户登录鉴权、微信支付(JSAPI/统一下单/支付通知/退款)、直播/实时音视频(TRTC)、数据分析/埋点、分享海报/朋友圈分享、TypeScript 泛型封装、云托管(容器化后端)、客服消息、订阅消息、客服自动回复... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 82 次。
如何安装 Wechat Miniprogram Toolkit?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-miniprogram-toolkit」即可一键安装,无需额外配置。
Wechat Miniprogram Toolkit 是免费的吗?
是的,Wechat Miniprogram Toolkit 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Wechat Miniprogram Toolkit 支持哪些平台?
Wechat Miniprogram Toolkit 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Wechat Miniprogram Toolkit?
由 SQLSkills(@sqlskills)开发并维护,当前版本 v1.0.0。
推荐 Skills