docs: add WeChat channel via @tencent-weixin/openclaw-weixin#52099
docs: add WeChat channel via @tencent-weixin/openclaw-weixin#52099yixinrock wants to merge 5 commits intoopenclaw:mainfrom
Conversation
Greptile SummaryThis PR adds WeChat as a supported channel across the README — in the intro paragraph, Highlights list, ASCII architecture diagram, channels table, and a new setup section. The documentation additions are generally well-structured and consistent with how other channels are presented. However, there is a critical concern with the new WeChat setup section:
The PR should not be merged until the package name is confirmed as published on npmjs.com and the Confidence Score: 1/5
Prompt To Fix All With AIThis is a comment left during a code review.
Path: README.md
Line: 400-404
Comment:
**Unverified package recommended with silent install flag**
The install command `npx -y @tencent-weixin/openclaw-weixin-cli@latest install` has two compounding issues:
1. **`@tencent-weixin/openclaw-weixin-cli` does not appear to exist on the npm registry.** A search of npmjs.com finds no package under this name or the `@tencent-weixin` scope. The closest legitimate Tencent-published OpenClaw channel plugin found is `@wecom/wecom-openclaw-plugin` (for WeCom/Enterprise WeChat), which is a different product entirely.
2. **`-y` silently bypasses npm's install confirmation.** Given recently reported active exploitation of malicious npm packages posing as OpenClaw tooling (deploying RATs and stealing macOS credentials), recommending `npx -y` for an unverified package in this ecosystem is a meaningful supply-chain risk. Users should at minimum be prompted before the package runs.
Before merging, the PR author should confirm the exact published package name on npmjs.com and remove the `-y` flag (or document why it is safe).
```suggestion
```bash
npx @tencent-weixin/openclaw-weixin-cli@latest install
```
```
How can I resolve this? If you propose a fix, please make it concise.Last reviewed commit: "docs: add WeChat cha..." |
![greptile-apps[bot]](https://avatars.githubusercontent.com/in/867647?s=60&v=4){kind=small}
README.md
Outdated
| ### [WeChat](https://docs.openclaw.ai/channels/wechat) | ||
|
|
||
| - Install the official WeChat plugin via the Tencent-provided CLI: | ||
| ```bash | ||
| npx -y @tencent-weixin/openclaw-weixin-cli@latest install |
There was a problem hiding this comment.
The install command npx -y @tencent-weixin/openclaw-weixin-cli@latest install has two compounding issues:
-
@tencent-weixin/openclaw-weixin-clidoes not appear to exist on the npm registry. A search of npmjs.com finds no package under this name or the@tencent-weixinscope. The closest legitimate Tencent-published OpenClaw channel plugin found is@wecom/wecom-openclaw-plugin(for WeCom/Enterprise WeChat), which is a different product entirely. -
-ysilently bypasses npm's install confirmation. Given recently reported active exploitation of malicious npm packages posing as OpenClaw tooling (deploying RATs and stealing macOS credentials), recommendingnpx -yfor an unverified package in this ecosystem is a meaningful supply-chain risk. Users should at minimum be prompted before the package runs.
Before merging, the PR author should confirm the exact published package name on npmjs.com and remove the -y flag (or document why it is safe).
| ### [WeChat](https://docs.openclaw.ai/channels/wechat) | |
| - Install the official WeChat plugin via the Tencent-provided CLI: | |
| ```bash | |
| npx -y @tencent-weixin/openclaw-weixin-cli@latest install | |
| ```bash | |
| npx @tencent-weixin/openclaw-weixin-cli@latest install |
<details><summary>Prompt To Fix With AI</summary>
`````markdown
This is a comment left during a code review.
Path: README.md
Line: 400-404
Comment:
**Unverified package recommended with silent install flag**
The install command `npx -y @tencent-weixin/openclaw-weixin-cli@latest install` has two compounding issues:
1. **`@tencent-weixin/openclaw-weixin-cli` does not appear to exist on the npm registry.** A search of npmjs.com finds no package under this name or the `@tencent-weixin` scope. The closest legitimate Tencent-published OpenClaw channel plugin found is `@wecom/wecom-openclaw-plugin` (for WeCom/Enterprise WeChat), which is a different product entirely.
2. **`-y` silently bypasses npm's install confirmation.** Given recently reported active exploitation of malicious npm packages posing as OpenClaw tooling (deploying RATs and stealing macOS credentials), recommending `npx -y` for an unverified package in this ecosystem is a meaningful supply-chain risk. Users should at minimum be prompted before the package runs.
Before merging, the PR author should confirm the exact published package name on npmjs.com and remove the `-y` flag (or document why it is safe).
```suggestion
```bash
npx @tencent-weixin/openclaw-weixin-cli@latest install
How can I resolve this? If you propose a fix, please make it concise.
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 29a5f2375d
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
README.md
Outdated
| ### Channels | ||
|
|
||
| - [Channels](https://docs.openclaw.ai/channels): [WhatsApp](https://docs.openclaw.ai/channels/whatsapp) (Baileys), [Telegram](https://docs.openclaw.ai/channels/telegram) (grammY), [Slack](https://docs.openclaw.ai/channels/slack) (Bolt), [Discord](https://docs.openclaw.ai/channels/discord) (discord.js), [Google Chat](https://docs.openclaw.ai/channels/googlechat) (Chat API), [Signal](https://docs.openclaw.ai/channels/signal) (signal-cli), [BlueBubbles](https://docs.openclaw.ai/channels/bluebubbles) (iMessage, recommended), [iMessage](https://docs.openclaw.ai/channels/imessage) (legacy imsg), [IRC](https://docs.openclaw.ai/channels/irc), [Microsoft Teams](https://docs.openclaw.ai/channels/msteams), [Matrix](https://docs.openclaw.ai/channels/matrix), [Feishu](https://docs.openclaw.ai/channels/feishu), [LINE](https://docs.openclaw.ai/channels/line), [Mattermost](https://docs.openclaw.ai/channels/mattermost), [Nextcloud Talk](https://docs.openclaw.ai/channels/nextcloud-talk), [Nostr](https://docs.openclaw.ai/channels/nostr), [Synology Chat](https://docs.openclaw.ai/channels/synology-chat), [Tlon](https://docs.openclaw.ai/channels/tlon), [Twitch](https://docs.openclaw.ai/channels/twitch), [Zalo](https://docs.openclaw.ai/channels/zalo), [Zalo Personal](https://docs.openclaw.ai/channels/zalouser), [WebChat](https://docs.openclaw.ai/web/webchat). | ||
| - [Channels](https://docs.openclaw.ai/channels): [WhatsApp](https://docs.openclaw.ai/channels/whatsapp) (Baileys), [Telegram](https://docs.openclaw.ai/channels/telegram) (grammY), [Slack](https://docs.openclaw.ai/channels/slack) (Bolt), [Discord](https://docs.openclaw.ai/channels/discord) (discord.js), [Google Chat](https://docs.openclaw.ai/channels/googlechat) (Chat API), [Signal](https://docs.openclaw.ai/channels/signal) (signal-cli), [BlueBubbles](https://docs.openclaw.ai/channels/bluebubbles) (iMessage, recommended), [iMessage](https://docs.openclaw.ai/channels/imessage) (legacy imsg), [IRC](https://docs.openclaw.ai/channels/irc), [Microsoft Teams](https://docs.openclaw.ai/channels/msteams), [Matrix](https://docs.openclaw.ai/channels/matrix), [Feishu](https://docs.openclaw.ai/channels/feishu), [LINE](https://docs.openclaw.ai/channels/line), [Mattermost](https://docs.openclaw.ai/channels/mattermost), [Nextcloud Talk](https://docs.openclaw.ai/channels/nextcloud-talk), [Nostr](https://docs.openclaw.ai/channels/nostr), [Synology Chat](https://docs.openclaw.ai/channels/synology-chat), [Tlon](https://docs.openclaw.ai/channels/tlon), [Twitch](https://docs.openclaw.ai/channels/twitch), [Zalo](https://docs.openclaw.ai/channels/zalo), [Zalo Personal](https://docs.openclaw.ai/channels/zalouser), [WeChat](https://docs.openclaw.ai/channels/wechat) (`@tencent-weixin/openclaw-weixin`), [WebChat](https://docs.openclaw.ai/web/webchat). |
There was a problem hiding this comment.
This change sends readers to https://docs.openclaw.ai/channels/wechat, but the repo does not publish that route: there is no docs/channels/wechat.md, and the canonical channel list in docs/channels/index.md:13-36 still stops at Zalo Personal. In practice the new README entry becomes a dead link and an undiscoverable setup path, so users who click through from the supported-channels list cannot find install or configuration docs for the feature being advertised.
Useful? React with 👍 / 👎.
Add WeChat (微信) as a supported channel using the official @tencent-weixin/openclaw-weixin plugin provided by Tencent. - Added WeChat to the channel list in intro, Highlights, and diagram - Added WeChat to the Channels subsystem table with link - Added WeChat setup section with install command and config notes Install: npx -y @tencent-weixin/openclaw-weixin-cli@latest install Closes openclaw#43116
yixinrock
force-pushed
the
feat/wechat-channel
branch
from
29a5f23 to
3377084
Compare
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: b9619b655c
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
README.md
Outdated
| - Configure a Teams app + Bot Framework, then add a `msteams` config section. | ||
| - Allowlist who can talk via `msteams.allowFrom`; group access via `msteams.groupAllowFrom` or `msteams.groupPolicy: "open"`. | ||
|
|
||
| ### [WeChat](https://docs.openclaw.ai/channels/wechat) |
There was a problem hiding this comment.
Fresh evidence on the current tree: docs/channels/index.md:14-37 still omits WeChat, a repo-wide docs search finds no docs/channels/wechat.md, and the live https://docs.openclaw.ai/channels/wechat route currently 404s. That means this heading (and the new channel entry above) sends README readers to a dead page instead of a canonical setup guide, so the newly advertised channel is still undiscoverable outside this short snippet.
Useful? React with 👍 / 👎.
|
Thanks for the careful review, @greptile-apps. On the package existence: It returns v1.0.2 with Tencent maintainers. This is the official entry point Tencent opened for WeChat integration with OpenClaw. On the |
|
Perfect, thanks for verifying the package and removing the |
|
Good catch — removed the |
1 participant
Summary
Adds WeChat (微信) as an officially-supported channel in the README, using the
@tencent-weixin/openclaw-weixinplugin provided by Tencent.Tencent recently opened a WeChat integration entry point for OpenClaw, installable via:
Changes
Notes
channels.wechat.allowFromcontrols which senders can interact with the assistantCloses #43116