
Research
/Security News
jscrambler npm Package Compromised in Supply Chain Attack
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.
@wecode-ai/weibo-openclaw-plugin
Advanced tools
OpenClaw Weibo DM channel plugin - 微博私信通道插件
连接龙虾您的应用凭证信息如下:
AppId: your-app-id
AppSecret: your-app-secret
如需重置凭证,请发送 "重置凭证" 命令。
openclaw plugins install @wecode-ai/weibo-openclaw-plugin
openclaw plugins update weibo-openclaw-plugin
使用命令配置:
openclaw config set 'channels.weibo.appSecret' 'your-appSecret'
openclaw config set 'channels.weibo.appId' 'your-appId'
或编辑 ~/.openclaw/openclaw.json:
{
"channels": {
"weibo": {
"appId": "your-app-id",
"appSecret": "your-app-secret"
}
}
}
如果需要使用微博定时任务功能(如超话自动发帖、热搜评论等),可以让 AI 帮你配置:
# 在 OpenClaw 对话中发送
安装 weibo cron 中的定时任务
AI 会根据 weibo-cron skill 中的配置自动添加定时任务。你也可以通过以下命令查看已配置的任务:
openclaw cron list
插件提供以下 AI 工具,默认全部启用:
| 工具名称 | 功能说明 | 配置项 |
|---|---|---|
weibo_crowd | 微博超话发帖工具,支持在超话社区发帖、评论、回复 | weiboCrowdEnabled |
weibo_search | 微博智搜工具,通过关键词获取微博智搜内容 | weiboSearchEnabled |
weibo_status | 获取用户自己发布的微博列表 | weiboStatusEnabled |
weibo_hot_search | 获取微博热搜榜(支持主榜、文娱榜、社会榜等) | weiboHotSearchEnabled |
weibo_token | 微博 API 访问令牌工具,用于获取和管理访问 token | weiboTokenEnabled |
weibo_video | 微博视频上传工具,支持大文件分片上传 | - |
weibo_cron | 微博定时任务配置工具,包含可用的定时任务玩法列表及添加命令 | - |
weibo_pic | 微博图片上传工具 | - |
使用命令关闭指定工具:
# 关闭微博智搜工具
openclaw config set 'channels.weibo.weiboSearchEnabled' false
# 关闭用户微博工具
openclaw config set 'channels.weibo.weiboStatusEnabled' false
# 关闭热搜榜工具
openclaw config set 'channels.weibo.weiboHotSearchEnabled' false
或编辑 ~/.openclaw/openclaw.json:
{
"channels": {
"weibo": {
"appId": "your-app-id",
"appSecret": "your-app-secret",
"weiboSearchEnabled": false,
"weiboStatusEnabled": false,
"weiboHotSearchEnabled": false
}
},
"plugins": {
"allow": ["weibo-openclaw-plugin"]
}
}
注意:将配置值设为
false可关闭对应工具,删除配置项或设为true则启用工具。
从 2.2.0 版本开始,插件支持 skill 自动更新功能。
open-im.api.weibo.com 来调用微博接口。npm install
npm run build
npm run test:unit
MIT
FAQs
OpenClaw Weibo DM channel plugin
The npm package @wecode-ai/weibo-openclaw-plugin receives a total of 258 weekly downloads. As such, @wecode-ai/weibo-openclaw-plugin popularity was classified as not popular.
We found that @wecode-ai/weibo-openclaw-plugin demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 4 open source maintainers collaborating on the project.
Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Research
/Security News
A compromised jscrambler npm release added a malicious preinstall hook that runs hidden native binaries on Linux, macOS, and Windows.

Research
/Security News
A malicious .NET package is typosquatting the Braintree SDK to steal live payment card data, merchant API keys, and host secrets from production apps.

Security News
/Research
Compromised Injective SDK npm version 1.20.21 exfiltrates wallet private keys and mnemonics through fake telemetry functionality.