wechat-channel

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 0.80). The prompt contains examples that embed secrets/tokens directly in configs and curl commands (e.g., PADLOCAL_TOKEN, OPENCLAW_WEBHOOK_SECRET, "Authorization: Bearer YOUR_SECRET"), which would require the agent to insert actual secret values verbatim into generated requests/commands.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). The skill ingests arbitrary user-generated WeChat messages via the Wechaty Bridge and forwards them to the OpenClaw webhook (see scripts/wechat-bridge.js: buildMessagePayload → forwardToOpenClaw posting to ${config.openclawGatewayUrl}/webhook/wechat and the SKILL.md webhook payload), so untrusted third-party content is read and can directly influence agent behavior.