wecom-notify
Pass
Audited by Gen Agent Trust Hub on Mar 2, 2026
Risk Level: SAFEDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The script
scripts/send_wecom.pyaccesses sensitive configuration at~/.openclaw/openclaw.jsonto retrieve theWECOM_CORP_SECRETand other credentials. - [DATA_EXFILTRATION]: The skill is designed to read local files using the
read_bytes()method inscripts/send_wecom.pyand upload them to the well-known WeCom API service atqyapi.weixin.qq.com. - [PROMPT_INJECTION]: Vulnerability to indirect prompt injection (Category 8).
- Ingestion points: Command-line arguments (
message,--image,--file) inscripts/send_wecom.pywhich may contain untrusted data from the agent context. - Boundary markers: No markers or delimiters are used when interpolating input into the JSON payload for the WeCom API.
- Capability inventory: File system read access and network transmission capabilities via
urllib.request. - Sanitization: The skill does not sanitize or validate the message content or file paths before processing and sending them externally.
Audit Metadata