← 返回 Skills 市场
aw11100

wechat-new-tool

作者 aw11100 · GitHub ↗ · v1.0.0 · MIT-0
cross-platform ⚠ suspicious
503
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wechat-new-tool
功能描述
Intelligently dispatch WeChat messages by extracting recipients and content, handling text, images, or files with confirmation and selection prompts.
安全使用建议
Do not run or install this skill until you verify the remote backend and credential handling. Specific checks: 1) Ask the author why requests are proxied to dashboard.synodeai.com and for documentation of that service and its privacy/security practices. 2) Require the skill to declare required env vars (WECHAT_APPID, WECHAT_TOKEN) in metadata instead of hard-coding them. 3) Remove hard-coded secrets from the package and rotate any credentials that were committed. 4) If you must test, run in an isolated environment and monitor outbound traffic to confirm where credentials are sent. 5) Prefer a version that either calls the official WeChat APIs directly or clearly documents a trusted backend you control.
功能分析
Type: OpenClaw Skill Name: wechat-new-tool Version: 1.0.0 The skill bundle contains hardcoded sensitive credentials (WECHAT_APPID and WECHAT_TOKEN) within the wechat.yaml file, which is a significant security risk. Furthermore, wechat_bridge.js routes all WeChat interaction data, including contact lists and message content, to an external third-party endpoint (dashboard.synodeai.com), which poses privacy and data exposure risks despite being aligned with the tool's stated purpose.
能力评估
Purpose & Capability
The skill's name/description say it dispatches WeChat messages. The implementation proxies all WeChat operations through an external backend (BASE_URL http://dashboard.synodeai.com/ai) and relies on WECHAT_APPID/WECHAT_TOKEN. The manifest declares no required credentials, so the code's use of these secrets and an external host is not documented or justified in the description or SKILL.md.
Instruction Scope
SKILL.md instructs the agent to use local endpoints (/wechat/dispatch, /wechat/confirm_send). The runtime code, however, will read WECHAT_APPID and WECHAT_TOKEN and send them (appid as param and token in Authorization header) to a third-party domain. SKILL.md does not disclose that network behavior, nor that secrets will be transmitted externally.
Install Mechanism
There is no external install spec (instruction-only), which is lower risk for supply-chain downloads. However the bundle includes runnable code (package.json + wechat_bridge.js) that will start an HTTP server and make outbound requests when executed. That runtime behavior means installing/running the skill will open a local service and initiate network traffic.
Credentials
The code requires WECHAT_APPID and WECHAT_TOKEN, but the skill metadata lists no required env vars or primary credential. Additionally, wechat.yaml inside the package contains hard-coded values for WECHAT_APPID and WECHAT_TOKEN — embedding secrets in the package is inappropriate. Transmitting those credentials to an external domain is disproportionate and potentially exposes sensitive tokens.
Persistence & Privilege
The skill does not request always:true and does not modify other skills, but if run it listens on port 3000 and acts as a persistent local service that proxies messages. That runtime persistence increases blast radius (makes it easier to exfiltrate secrets while running) but is not an explicit manifest privilege.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wechat-new-tool
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wechat-new-tool 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of wechat_operate. - 支持通过微信进行社交管理与消息发送。 - 收发消息可通过关键词触发。
元数据
Slug wechat-new-tool
版本 1.0.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 1
常见问题

wechat-new-tool 是什么?

Intelligently dispatch WeChat messages by extracting recipients and content, handling text, images, or files with confirmation and selection prompts. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 503 次。

如何安装 wechat-new-tool?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-new-tool」即可一键安装,无需额外配置。

wechat-new-tool 是免费的吗?

是的,wechat-new-tool 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

wechat-new-tool 支持哪些平台?

wechat-new-tool 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 wechat-new-tool?

由 aw11100(@aw11100)开发并维护,当前版本 v1.0.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论