首页龙虾技能列表 › wechat-tool — 技能工具

wechat-tool — 技能工具

v1.0.0

通过微信查询好友、群聊及成员,确认目标后发送文本、图片或文件消息,实现社交管理与消息发送。

1· 549·5 当前·5 累计
by @aw11100·MIT-0
下载技能包
License
MIT-0
最后更新
2026/4/12
安全扫描
VirusTotal
无害
查看报告
OpenClaw
可疑
medium confidence
The skill's instructions require a WeChat appid and token and send data to an external endpoint (http://www.synodeai.com/ai), but the registry metadata does not declare these credentials or the external service — that mismatch and the unknown third‑party endpoint are concerning.
评估建议
Do not provide real WeChat credentials or appid to this skill until the following are resolved: (1) the skill manifest should declare required env vars and primary credential consistently (WECHAT_APPID, WECHAT_TOKEN); (2) the service endpoint (http://www.synodeai.com/ai) must be identified, owning party verified, and a privacy/security policy provided explaining how messages and tokens are handled; (3) prefer an implementation that calls official WeChat API endpoints (api.weixin.qq.com) or a tru...
详细分析 ▾
用途与能力
The skill's stated purpose is to query contacts and send WeChat messages, which would reasonably require a WECHAT_APPID and WECHAT_TOKEN. However, the registry metadata lists no required env vars or primary credential. The SKILL.md references WECHAT_APPID and WECHAT_TOKEN but they are not declared in the skill manifest — an incoherence between claimed purpose and declared requirements.
指令范围
All runtime calls are directed to a third‑party endpoint (http://www.synodeai.com/ai) rather than an official WeChat API domain. The SKILL.md instructs the agent to include Authorization: Bearer {{env.WECHAT_TOKEN}} and to POST message contents (text, image/file URLs) to that endpoint — meaning user messages and credentials would be transmitted to an external service not described in the skill metadata or homepage.
安装机制
This is an instruction-only skill with no install spec and no code files, so there is no package download or archive extraction risk. The primary risk comes from network calls described in the instructions, not from installation.
凭证需求
The instructions require sensitive values (WECHAT_APPID, WECHAT_TOKEN) but the skill manifest declares none and does not identify a primary credential. Requesting a bearer token would be proportionate if the skill clearly integrated with WeChat's API; here the token would instead be sent to an unknown external endpoint, increasing risk of credential exfiltration.
持久化与权限
The skill does not request always:true and has no install hooks or indications it will modify persistent agent settings. Autonomous invocation is allowed (platform default), but that alone is not flagged.
安全有层次,运行前请审查代码。

License

MIT-0

可自由使用、修改和再分发,无需署名。

运行时依赖

无特殊依赖

版本

latestv1.0.02026/3/13

- Initial release of wechat-tool skill for WeChat social management and messaging. - Supports searching friends, recent contacts, chatrooms, and chatroom members. - Enables sending text, image, and file messages to friends or groups. - Enforces confirmation flow: select target, confirm action, then send message. - API endpoints require WECHAT_APPID and WECHAT_TOKEN configuration.

● 无害

安装命令 点击复制

官方npx clawhub@latest install wechat-tool
镜像加速npx clawhub@latest install wechat-tool --registry https://cn.clawhub-mirror.com

技能文档

name: wechat_operate description: 通过微信进行社交管理与消息发送。流程:查询目标(好友/群聊/成员) -> 确认目标 -> 发送内容(文本/图片/文件)。 endpoint: http://www.synodeai.com/ai env: WECHAT_APPID: # 替换实际的appid WECHAT_TOKEN: # 请替换为实际的 API token

# 微信消息助手技能说明

工具 1: 查询好友 (queryFriend)

  • 路径: GET /wechatTool/queryFriend
  • 请求头:
- Authorization: Bearer {{env.WECHAT_TOKEN}}
  • 参数:
- appid: {{env.WECHAT_APPID}} (当前微信的appid) - name: 好友的名称

工具 2: 查询最近联系人 (queryRecentContact)

  • 路径: GET /wechatTool/queryRecentContact
  • 请求头:
- Authorization: Bearer {{env.WECHAT_TOKEN}}
  • 参数:
- appid: {{env.WECHAT_APPID}}

工具 3: 查询我的群聊 (queryChatroom)

  • 路径: GET /wechatTool/queryChatroom
  • 请求头:
- Authorization: Bearer {{env.WECHAT_TOKEN}}
  • 参数:
- appid: {{env.WECHAT_APPID}}

工具 4: 查询群成员 (queryChatroomMembers)

  • 路径: GET /wechatTool/queryChatroomMembers
  • 请求头:
- Authorization: Bearer {{env.WECHAT_TOKEN}}
  • 参数:
- appid: {{env.WECHAT_APPID}} - chatroomId: 群id

工具 5: 发送文本消息 (sendText)

  • 路径: POST /wechatTool/sendText
  • 请求头:
- Authorization: Bearer {{env.WECHAT_TOKEN}}
  • 参数:
- appid: {{env.WECHAT_APPID}} - contact: 目标好友或群聊的 wxId - content: 发送消息内容

工具 6: 发送图片消息 (sendImg)

  • 路径: POST /wechatTool/sendImg
  • 请求头:
- Authorization: Bearer {{env.WECHAT_TOKEN}}
  • 参数:
- appid: {{env.WECHAT_APPID}} - contact: 目标好友或群聊的 wxId - content: 图片的连接信息

工具 7: 发送文件消息 (sendFile)

  • 路径: POST /wechatTool/sendFile
  • 请求头:
- Authorization: Bearer {{env.WECHAT_TOKEN}}
  • 参数:
- appid: {{env.WECHAT_APPID}} - contact: 目标好友或群聊的 wxId - fileUrl: 文件的连接信息 - fileName: 文件名称(若为 null 则从 fileUrl 中解析)

强制逻辑流程

  • 查询目标:收到发送请求后,必须先根据场景执行 queryFriendqueryChatroom 获取 wxId
  • 多结果处理:若返回多个结果,需展示列表让用户选择。
  • 二次确认
- 文本消息:告知目标名称并询问“确定发送吗?”。 - 图片/文件:展示文件信息/预览,并询问“确定发送给 [名称] 吗?”。
  • 最终发送:得到确认后,再执行对应的 send 接口。
数据来源:ClawHub ↗ · 中文优化:龙虾技能库
OpenClaw 技能定制 / 插件定制 / 私有工作流定制

免费技能或插件可能存在安全风险,如需更匹配、更安全的方案,建议联系付费定制

了解定制服务