← 返回 Skills 市场
152
总下载
0
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install weixin-send-media
功能描述
微信发图片/文件技能 - 解决 contextToken 持久化问题
安全使用建议
This skill does what it claims — enabling CLI/scripted Weixin media sends by persisting context tokens — but it patches OpenClaw's weixin gateway code and writes sensitive tokens to disk in plain JSON. Before installing: (1) inspect the actual patch file (patches/inbound.ts.patch) line-by-line to ensure no unexpected behavior, (2) back up ~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts (the installer does this, but verify the backup), (3) consider running the install in a disposable environment (VM/container) first, (4) if you accept installation, restrict token files (chmod 600) and consider adding encryption-at-rest or a more secure storage mechanism, (5) review export-context-token.js to avoid accidentally printing full tokens to logs or stdout, and (6) only install if you trust the author/repository — otherwise prefer an alternative solution that doesn't require patching core files. If you want higher confidence, provide the exact inbound.ts.patch content for a focused audit.
功能分析
Type: OpenClaw Skill
Name: weixin-send-media
Version: 1.1.0
The skill modifies OpenClaw core extension files (~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts) via a patch to persist WeChat contextTokens to the local filesystem (~/.openclaw/openclaw-weixin/context-tokens/). While the documentation in SKILL.md and the logic in install.sh are transparent and aligned with the stated purpose of enabling CLI-based media sending, the practice of patching core system files and storing session tokens on disk represents a high-risk capability that could be leveraged for unauthorized access or system instability.
能力评估
Purpose & Capability
Name/description match the implementation: the scripts and patch add disk persistence for contextToken so CLI and scripts can send media. The files, CLI examples, and install script all align with the stated goal.
Instruction Scope
Runtime instructions explicitly tell the installer to apply a patch to ~/.openclaw/extensions/openclaw-weixin/src/messaging/inbound.ts (a core gateway extension). Modifying core extension code is outside an ordinary skill's isolated scope and increases risk — the skill's own documentation admits it must patch internal functions.
Install Mechanism
No remote downloads or obscure URLs; installation uses a local install.sh that runs patch and creates directories. Using patch to change a core file is intrusive but the mechanism itself is transparent (patch file included in package).
Credentials
No external credentials are requested, which is appropriate, but the skill persists context tokens (sensitive authorization tokens) as plain JSON under ~/.openclaw/openclaw-weixin/context-tokens/. While scripts recommend chmod 600 and install.sh sets the dir to 700, tokens remain unencrypted and an export command can print full token to stdout — that increases the risk of local token exposure or accidental exfiltration.
Persistence & Privilege
The skill modifies another component's source file (the openclaw-weixin gateway extension). This is a system-wide change beyond the skill's own directory and should be treated as elevated privilege; although a backup-and-restore path is provided, altering core behavior is significant and deserves review.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install weixin-send-media - 安装完成后,直接呼叫该 Skill 的名称或使用
/weixin-send-media触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
**Version 1.1.0 – 安全增强与脚本支持**
- 新增 CHANGELOG.md、脚本(send-image.js, send-file.js, export-context-token.js)、API 参考文档和测试用例
- 完善安全说明,新增专节说明补丁方式和本地 token 文件保护建议
- 新增封装脚本,支持一行命令发送图片或文件
- README/文档全面完善,补充故障排查、FAQ、可用命令及典型用例
- 安装流程支持 install.sh 自动化;不再包含原 ClawHub 发布相关文件
- 强化 contextToken 持久化设计说明,强调本地安全和误报风险
v1.0.0
Initial release with contextToken persistence for media messages in WeChat.
- Implements disk persistence for contextToken, enabling media message sending via CLI/scripts and surviving gateway restarts.
- Supports CLI and script-based sending of images, files, and network images through the openclaw-weixin channel.
- Provides patching instructions for integrating contextToken storage and fallback.
- Adds clear error messages and troubleshooting steps for common issues.
- Includes sample workflows and usage documentation for frequent scenarios.
元数据
常见问题
Weixin Send Media 是什么?
微信发图片/文件技能 - 解决 contextToken 持久化问题. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 152 次。
如何安装 Weixin Send Media?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install weixin-send-media」即可一键安装,无需额外配置。
Weixin Send Media 是免费的吗?
是的,Weixin Send Media 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Weixin Send Media 支持哪些平台?
Weixin Send Media 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Weixin Send Media?
由 linzmin(@linzmin)开发并维护,当前版本 v1.1.0。
推荐 Skills