Trusted: risk score 5/100
Last scan: 1 day ago
wecom-openclaw
Integrate WeChat Work (Enterprise WeChat) with OpenClaw for intelligent messaging
This is a legitimate WeChat Work (Enterprise WeChat) webhook adapter that integrates with OpenClaw for AI-powered messaging. All base64 encoding is standard WeChat Work encryption protocol (AES-256-CBC), not obfuscation.
Skill name: wecom-openclaw
Analysis time: 37.2s
Engine: pi
Verdict: safe to install
No security concerns detected. The skill can be used as documented. For production hardening, implement the optional security measures in references/security-guide.md (rate limiting, message deduplication, response filtering).

Security findings (2)

Severity | Finding | Category | Location
Low | Minor disclosure gap for file/network access | Documentation deception | scripts/index.js:43
SKILL.md does not explicitly mention that the adapter writes log files and makes outbound network requests, though both are standard webhook adapter behavior. The network calls are to documented WeChat Work APIs and the local OpenClaw gateway.
Evidence: fs.mkdirSync(logsDir, { recursive: true });
→ Optional: Add 'Writes logs to filesystem' and 'Makes HTTPS requests to WeChat Work API and OpenClaw gateway' to the SKILL.md capabilities section

Info | Dependency versions not pinned | Supply chain | scripts/deploy.sh:29
deploy.sh uses caret ranges (^4.21.2, ^1.8.4, ^0.6.2, ^16.4.7), which allow minor/patch updates. This is a minor supply chain concern.
Evidence: "express": "^4.21.2"
→ Consider pinning exact versions (4.21.2) for reproducible builds, or use a lockfile strategy
Resource type | Declared permission | Inferred permission | Status | Evidence
Filesystem | NONE | WRITE | ✓ Consistent | scripts/index.js:43 - fs.mkdirSync(logsDir); scripts/index.js:48 - fs.appendFile…
Network access | NONE | WRITE | ✓ Consistent | scripts/index.js:191 - POST to qyapi.weixin.qq.com; scripts/index.js:229 - POST …
Command execution | NONE | NONE | | No shell execution detected
Environment variables | NONE | READ | ✓ Consistent | SKILL.md documents all required env vars; code reads via dotenv
Pattern matches: 4 critical, 10 findings in total

🔒 Critical | Encoded execution | Base64 encoded execution (code obfuscation)
Buffer.from(AGENT_SECRET + '=', 'base64'
scripts/index.js:94

🔒 Critical | Encoded execution | Base64 encoded execution (code obfuscation)
Buffer.from(echostr, 'base64'
scripts/index.js:97

🔒 Critical | Encoded execution | Base64 encoded execution (code obfuscation)
Buffer.from(encodingAESKey + '=', 'base64'
scripts/index.js:216

🔒 Critical | Encoded execution | Base64 encoded execution (code obfuscation)
Buffer.from(encryptedMsg, 'base64'
scripts/index.js:219

🔗 Medium | External URL | External URL
https://work.weixin.qq.com
references/setup-guide.md:12

🔗 Medium | External URL | External URL
https://your-tunnel.trycloudflare.com/webhook
references/setup-guide.md:20

🔗 Medium | External URL | External URL
https://xxx.trycloudflare.com
references/setup-guide.md:56

🔗 Medium | External URL | External URL
https://xxx.trycloudflare.com/webhook
references/setup-guide.md:67

🔗 Medium | External URL | External URL
https://qyapi.weixin.qq.com/cgi-bin/message/send?access_token=$
scripts/index.js:192

🔗 Medium | External URL | External URL
https://qyapi.weixin.qq.com/cgi-bin/gettoken?corpid=$
scripts/index.js:260

Directory structure

5 files · 22.5 KB · 697 lines
Markdown: 3 files · 321 lines; JavaScript: 1 file · 310 lines; Shell: 1 file · 66 lines
├─ 📁 references
│ ├─ 📝 security-guide.md Markdown 98L · 2.5 KB
│ └─ 📝 setup-guide.md Markdown 100L · 2.9 KB
├─ 📁 scripts
│ ├─ 🔧 deploy.sh Shell 66L · 1.7 KB
│ └─ 📜 index.js JavaScript 310L · 10.3 KB
└─ 📝 SKILL.md Markdown 123L · 5.1 KB

Dependency analysis (4)

Package | Version | Source | Known vulnerabilities | Notes
express | ^4.21.2 | npm | none known | Caret range allows minor updates; no major vulnerabilities known
axios | ^1.8.4 | npm | none known | Caret range allows minor updates; SSRF concerns mitigated by fixed endpoint list
xml2js | ^0.6.2 | npm | none known | Caret range; XML parsing library with no critical vulnerabilities
dotenv | ^16.4.7 | npm | none known | Standard env loading; no known security issues

Security highlights

✓ Base64 encoding is legitimate WeChat Work encryption protocol (AES-256-CBC with EncodingAESKey), not code obfuscation
✓ No credential harvesting or exfiltration - tokens stay in .env and are used only for intended API calls
✓ No reverse shell, C2, or unauthorized remote code execution
✓ All network calls go to documented WeChat Work APIs (qyapi.weixin.qq.com) and the local OpenClaw gateway
✓ No hidden functionality - code behavior matches SKILL.md description
✓ Logs are written locally only, no outbound log exfiltration
✓ Proper signature verification (SHA1) prevents spoofed webhook calls
✓ Async reply pattern correctly handles WeChat's 5-second timeout requirement
✓ Does not iterate through os.environ looking for sensitive keys - only reads documented env vars via dotenv