← 返回 Skills 市场
bingbox

Wecom Deep Op

作者 Bingbox · GitHub ↗ · v2.0.2 · MIT-0
cross-platform ⚠ suspicious
238
总下载
1
收藏
0
当前安装
9
版本数
在 OpenClaw 中安装
/install wecom-deep-op
功能描述
基于微信官方插件 @wecom/wecom-openclaw-plugin v1.0.13+,封装的一站式企业微信自动化解决方案 - 你可以方便操作文档、日历、会议、待办、通讯录所有企业微信MCP能力,充分发挥OpenClaw与企业微信的协同能力。
安全使用建议
This skill appears to implement a legitimate Enterprise WeChat (WeCom) MCP wrapper and needs the bot's uaKey (supplied by you) and local OpenClaw config to work — that is expected. However: - Metadata mismatch: the registry metadata says no env vars/config paths are required, but SKILL.md/README require WECOM_*_BASE_URL environment variables or an mcporter.json entry (uaKey). Confirm the published skill.yml actually declares the env vars before installing. - Audit before running anything that executes shell commands: the repo contains maintainer scripts (publish, build) that call execSync/grep/npm; do not run those unless you trust the source. They are not required for normal runtime but could be misused if executed. - Inspect runtime code (src/index.ts / dist/) for any network calls beyond the user-configured WeCom endpoints (qyapi.weixin.qq.com). Confirm logging does not print full URLs or uaKey. The docs claim uaKey is never stored, but verify in code. - Keep uaKey secret: treat it like a password. Configure it via env vars or mcporter.json with appropriate file permissions. Consider testing in a sandboxed environment or on a non-production account first. - If you need higher assurance: request the published package (skill.yml and dist) from the maintainer or from Clawhub, verify skill.yml lists the env vars and inspect the bundled dist for unexpected outbound endpoints before installing.
功能分析
Type: OpenClaw Skill Name: wecom-deep-op Version: 2.0.2 The wecom-deep-op skill is a comprehensive and well-documented wrapper for Enterprise WeChat (WeCom) MCP capabilities, including document, schedule, meeting, todo, and contact management. The source code (src/index.ts) unifies access to these services by proxying requests to official WeCom endpoints (qyapi.weixin.qq.com) using user-provided environment variables or configuration files. The bundle includes robust input validation,指数退避 (exponential backoff) retry logic, and extensive security documentation (SECURITY_AUDIT.md and README.md) that explicitly addresses credential safety and data flow boundaries. No evidence of malicious intent, unauthorized data exfiltration, or prompt injection was found.
能力评估
Purpose & Capability
Name/description, declared dependency on @wecom/wecom-openclaw-plugin and OpenClaw core, and the provided code (src/dist) all align with a WeCom MCP wrapper. The requested capabilities (doc, schedule, meeting, todo, contact) are appropriate for the stated purpose.
Instruction Scope
SKILL.md and the README instruct the agent/user to read and edit user config (~/.openclaw/workspace/config/mcporter.json) or set WECOM_*_BASE_URL environment variables and to call local CLI tools (wecom_mcp, mcporter, openclaw). Those actions are appropriate for this integration. Nothing in the instructions directs exfiltration to third‑party domains; however the skill expects access to user-managed uaKey credentials and reads local config files — which is expected but sensitive. Some documentation (publish scripts, publishing guides) contains shell/exec usage (execSync, grep) intended for maintainers; these scripts execute commands on the host if run and should be audited before use.
Install Mechanism
There is no install spec in registry metadata (instruction-only), but the package contains runnable code (src/, dist/). That is not necessarily malicious, but the mismatch is a concern: the registry metadata reported 'Required env vars: none' and 'Required config paths: none' while the SKILL.md and README clearly require environment variables or mcporter.json. Also the repo includes publish/build scripts that run shell commands (execSync) — expected for publishing but worth reviewing before executing locally.
Credentials
The skill legitimately needs the WeCom uaKey (via env vars or mcporter.json) to operate. That credential request is proportional to the stated functionality. The problem is the metadata advertised no required env vars/config paths, while the runtime docs require multiple WECOM_*_BASE_URL env vars or a mcporter.json entry. This inconsistency is material: installing under the assumption that 'no env vars are required' would be wrong. Verify skill.yml/package metadata in the published package to confirm declared env entries before installation.
Persistence & Privilege
always:false and autonomous invocation allowed (the platform default). The skill does not request permanent system-wide privileges or claim to modify other skills. It does instruct editing the user's OpenClaw config (expected for integration) but does not demand unusual system persistence.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wecom-deep-op
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wecom-deep-op 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v2.0.2
wecom-deep-op v2.0.2 - Bump version to 2.0.2 - Update documentation in SKILL.md to match latest version and usage conventions - Update metadata and config files (CHANGELOG.md, _meta.json, skill.yml) for version alignment and completeness - Minor clarifications and consistency fixes across documentation - No functional logic or interface changes in this release
v2.0.1
wecom-deep-op 2.0.1 更新日志 - 新增英文文档:加入 README.en.md、SKILL.en.md、QUICKSTART.en.md,提升国际化支持。 - 完善说明文档与元数据:更新 CHANGELOG.md、README.md、SKILL.md、skill.yml、_meta.json,内容更加规范和详尽。 - 提升文档结构:区分中英文文档,帮助不同用户更快上手和集成。 - 依赖和作者信息优化:修正/补充作者及依赖声明,便于社区贡献和维护。
v2.0.0
wecom-deep-op v2.0.0 is a major update providing a unified, production-ready solution for automating all major WeCom MCP features (documents, calendar, meetings, todos, contacts) with security-first design. - Unified all WeCom MCP operations (docs, schedule, meetings, todos, contacts) into a single tool/skill interface. - Added automatic preflight configuration checks to ensure proper authorization. - Released extensive Chinese documentation with detailed setup, usage examples, and explanations of error handling and security. - Enforced secure credential management practices (no tokens stored, user-managed configuration). - Updated to depend on @wecom/wecom-openclaw-plugin v1.0.13+ and openclaw v0.5.0+. - Provided guidance and workflow for Clawhub skill installation and publishing.
v1.0.1
- 首发版本,发布 wecom-deep-op v1.0.0,聚合企业微信文档、日程、会议、待办、通讯录所有MCP能力。 - 基于官方插件 @wecom/wecom-openclaw-plugin v1.0.13+ 实现,支持 OpenClaw v0.5.0+ 环境。 - 提供统一调用接口,简化五大MCP服务的操作入口。 - 内置前置检查(自动验证授权和配置),提升使用安全性和稳定性。 - 严格不存储任何敏感凭证,所有token需用户自行安全管理。 - 完善使用示例、错误处理、权限配置和开发发布指南。
v1.0.5
wecom-deep-op v1.0.5 - Documentation updates and minor maintenance changes. - Added release notes for previous version (RELEASE_NOTES_v1.0.4.md). - Updated version numbers in SKILL.md and package.json. - Improved and clarified usage, publishing, and configuration instructions in documentation. - No breaking changes to core functionality.
v1.0.4
wecom-deep-op v1.0.4 - Updated documentation, including SKILL.md, README.md, and CHANGELOG.md. - Added RELEASE_NOTES_v1.0.3.md file. - Bumped version number in configuration files. - Minor clarifications and formatting improvements across doc files.
v1.0.3
wecom-deep-op 1.0.3 更新日志 - 版本号升级至 1.0.3 - 文档 SKILL.md 同步更新版本号,内容小幅微调(比如去除结尾省略号) - 对元数据和依赖声明进行了修订,保持与实际 package.json/skill.yml 一致 - 其它核心功能未变,兼容原有用法
v1.0.2
- Initial public release of wecom-deep-op, a unified skill for automating all core WeCom MCP (企业微信) operations. - Offers a single, simplified interface to access document, calendar, meeting, todo, and contact functions—no need to manage multiple separate plugins. - Features built-in authorization checks (via wecom-preflight) and does not store or transmit any WeCom credentials. - Provides comprehensive usage documentation and step-by-step setup instructions for secure enterprise deployment. - Integrates with OpenClaw (v0.5.0+) and the official @wecom/wecom-openclaw-plugin (v1.0.13+). - Includes code examples and clear error-handling practices for ease of use.
v1.0.0
wecom-deep-op 1.0.0 初始发布,实现企业微信操作能力统一聚合。 - 首次发布,封装文档、日历、会议、待办、通讯录等所有企业微信官方 MCP 能力 - 所有功能均通过统一 wecom_mcp 接口一站式调用,无需分别集成多种服务 - 内置前置检查,辅助用户完成授权配置 - 返回结构规范,提供标准错误处理与重试机制 - 详细文档覆盖安装、配置、安全建议、接口说明及常见问题
元数据
Slug wecom-deep-op
版本 2.0.2
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 9
常见问题

Wecom Deep Op 是什么?

基于微信官方插件 @wecom/wecom-openclaw-plugin v1.0.13+,封装的一站式企业微信自动化解决方案 - 你可以方便操作文档、日历、会议、待办、通讯录所有企业微信MCP能力,充分发挥OpenClaw与企业微信的协同能力。 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 238 次。

如何安装 Wecom Deep Op?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wecom-deep-op」即可一键安装,无需额外配置。

Wecom Deep Op 是免费的吗?

是的,Wecom Deep Op 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Wecom Deep Op 支持哪些平台?

Wecom Deep Op 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Wecom Deep Op?

由 Bingbox(@bingbox)开发并维护,当前版本 v2.0.2。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论