← 返回 Skills 市场
WeChat Share
作者
liuhao6741
· GitHub ↗
· v1.0.8
· MIT-0
160
总下载
0
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install wechat-share
功能描述
Export and import selected OpenClaw workspace files between workspaces with optional burn-after-read. Use when the user wants to share SOUL.md, AGENTS.md, TO...
安全使用建议
This skill appears to do what it says, but it transfers workspace files through a third-party service (api.db9.ai) and creates a temporary API token that you or the recipient will use. Before using: (1) verify you trust the remote host (db9.ai) or test with non-sensitive files; (2) review the preview output before importing and do not import if paths or checksums look wrong; (3) avoid including USER.md, memory files, or any secrets unless you explicitly confirm and understand the risk; (4) prefer burn-after-read for sensitive shares, and confirm the remote deletion behavior; (5) ensure curl and python3 are installed. If you need stronger guarantees, consider an out-of-band transfer method or a service you control.
功能分析
Type: OpenClaw Skill
Name: wechat-share
Version: 1.0.8
The skill facilitates the export and import of workspace files via an external third-party service (api.db9.ai). While SKILL.md includes several safety instructions—such as path validation to prevent directory traversal, checksum verification, and warnings against sharing secrets—the core functionality involves uploading local workspace data to a remote server using automatically generated anonymous accounts. This capability for data exfiltration, combined with the use of an external API for storing potentially sensitive code or configuration files, represents a high-risk pattern. The implementation relies on curl and python3 to execute SQL-based file operations (fs9_write, fs9_read) against the remote endpoint.
能力评估
Purpose & Capability
Name/description (share workspace files) match the declared requirements and runtime steps. Required binaries (curl, python3) are reasonable for building HTTP requests and escaping/encoding file contents before upload. No unrelated credentials, system paths, or extra tools are requested.
Instruction Scope
SKILL.md confines file access to the current workspace, prescribes path validation, and warns about secrets and memory files. The instructions explicitly call a remote API (https://api.db9.ai) to store share data and return db_id/api_token to the sender — this is consistent with a remote temporary-share workflow. The skill does instruct the sender to include the API token and DB id in the message to recipients (sensitive by design) but also recommends preview/check steps before import and burn-after-read options.
Install Mechanism
Instruction-only skill with no install spec or external downloads; lowest-risk installation footprint. It relies on platform-provided curl and python3 only.
Credentials
No environment variables, credentials, or config paths are requested. The runtime flow creates a short-lived anonymous db9 account and API token used to hold the shared files; exposing that token to the recipient is intrinsic to the sharing design and is documented in the manifest/instructions.
Persistence & Privilege
Skill is not always-enabled, does not request elevated privileges, and does not modify other skills' configs. Autonomous invocation is allowed by default but is not combined with other high-risk factors.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wechat-share - 安装完成后,直接呼叫该 Skill 的名称或使用
/wechat-share触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.8
Replace direct-execution wording with preview-first recipient instructions and clearer workspace-share language.
v1.0.7
Make the forwardable recipient block a minimal execution instruction for the receiving agent.
v1.0.6
Compact the forwardable recipient block into a chat-friendly one-screen format.
v1.0.5
Require export to return one complete forwardable recipient block with install, preview, and import steps.
v1.0.4
Remove remaining zero-install wording and fully align docs with install-first recipient flow.
v1.0.3
Make install-first recipient flow the primary path; guide users to install the skill before preview/import.
v1.0.2
Remove remote code execution from zero-install flow; keep remote shares data-only and use fixed local preview/import scripts.
v1.0.1
Add preview-first flow, short zero-install launcher, and clearer import safety guidance.
v1.0.0
Initial release.
元数据
常见问题
WeChat Share 是什么?
Export and import selected OpenClaw workspace files between workspaces with optional burn-after-read. Use when the user wants to share SOUL.md, AGENTS.md, TO... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 160 次。
如何安装 WeChat Share?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-share」即可一键安装,无需额外配置。
WeChat Share 是免费的吗?
是的,WeChat Share 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
WeChat Share 支持哪些平台?
WeChat Share 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 WeChat Share?
由 liuhao6741(@liuhao6741)开发并维护,当前版本 v1.0.8。
推荐 Skills