微信公众号接入指南

Name: openclaw-wechat-mp-guide
Author: yang1002378395-cmyk

View on ClawHub↗

Share on X Share on LinkedIn Share on Bluesky

100Critical

The skill is vulnerable to prompt injection, allowing attackers to manipulate its behavior.

ThreatsCI SM CS BC S HITL

Behavior Analysis

Description verified — behavior matches claim

Claims to do

微信公众号接入指南: 让 AI 助手连接微信公众号，自动回复用户消息。

Actually does

This skill provides a guide and `openclaw` commands to integrate an AI assistant with a WeChat Official Account. It instructs the user to manually obtain WeChat AppID/AppSecret and configure a server URL (e.g., `https://your-server.com/wechat`) and Token on the WeChat platform. It then uses `openclaw connect wechat` to input credentials and `openclaw start` to activate the service, allowing for automatic replies, keyword triggers, multi-customer service transfer, and sensitive word filtering configured via `~/.openclaw/config.yaml`. It also provides `openclaw stats wechat` and `openclaw logs` commands.

Threat Analysis

AI Agent Traps ↗Scanned 4/16/2026

Content InjectionPerception1 finding

Semantic ManipulationReasoningclean

Cognitive StateMemory & Learningclean

Behavioural ControlActionclean

SystemicMulti-Agent Dynamicsclean

Human-in-the-LoopHuman Overseerclean

Skill Info

Nameyang1002378395-cmyk/openclaw-wechat-mp-guide

Registryclawhub

Version1.0.1

PURLpkg:clawhub/yang1002378395-cmyk/openclaw-wechat-mp-guide@1.0.1

Stars1

Downloads1,030

Installs5

Source

Repository ↗

SHA-2562b9169fd9767...

SHA-12795e354b67c...

MD54905b61f2775...

TLSH485173294116...

Size2,767 bytes

Install

This skill has been flagged as potentially malicious. Review the findings below before installing.

OpenClawDocs

https://clawhub.ai/yang1002378395-cmyk/openclaw-wechat-mp-guide

1,030 downloads5 installs

ClawHubDocs

openclaw skills install yang1002378395-cmyk/openclaw-wechat-mp-guide

Assessments (1)

AI Agent Traps ↗

Prompt Injection Detectedcriticalprompt injection

DeBERTa classifier detected prompt injection (confidence: 0.99)

99% confidence

Badge

Markdown

[![Mondoo Skill Check](https://mondoo.com/ai-agent-security/api/badge/clawhub/yang1002378395-cmyk/openclaw-wechat-mp-guide.svg)](https://mondoo.com/ai-agent-security/skills/clawhub/yang1002378395-cmyk/openclaw-wechat-mp-guide)

HTML

<a href="https://mondoo.com/ai-agent-security/skills/clawhub/yang1002378395-cmyk/openclaw-wechat-mp-guide"><img src="https://mondoo.com/ai-agent-security/api/badge/clawhub/yang1002378395-cmyk/openclaw-wechat-mp-guide.svg" alt="Mondoo Skill Check" /></a>

Image URL

https://mondoo.com/ai-agent-security/api/badge/clawhub/yang1002378395-cmyk/openclaw-wechat-mp-guide.svg

Secure your AI agents

Skills can read files, run commands, and access credentials. Mondoo helps organizations manage the security risks of AI agent skills across their entire fleet.

Continuous scanning of skills across all registries
Policy enforcement before skills reach your agents
Integration with your existing security workflow