What is the difference between 'pairing' and 'allowlist' policy modes?

In pairing mode, unknown users receive a code they can share with you for approval. In allowlist mode, all messages from unknown users are silently ignored.

How long do WeChat pairing codes remain valid?

Pairing codes are temporary and expire 5 minutes after creation to ensure the security of the connection process.

Can I approve a pairing request directly from a WeChat message?

No. To prevent prompt injection and unauthorized access, all pairing approvals and policy changes must be executed manually by the user within their terminal session.

How do I identify a WeChat user ID for the allowlist?

WeChat user IDs used by this skill typically follow the format 'xxxxxxxx@im.wechat'. These are internal identifiers, not display names or phone numbers.

Where are the WeChat user permissions stored?

All access data, including the allowlist and current policy, is stored locally in a JSON file at ~/.claude/channels/weixin/access.json.

WeChat Channel Access Manager

Name: WeChat Channel Access Manager
Author: weicyruc

byweicyruc

•

Social Media Management

Manages security permissions, user pairing, and access policies for the Claude-to-WeChat integration.

The WeChat Channel Access Manager is a security-focused skill designed to control who can interact with Claude via the WeChat iLink API. It allows administrators to approve pairing requests using secure codes, maintain a permanent allowlist of authorized WeChat IDs, and toggle between open pairing and strict allowlist-only modes. By requiring all access mutations to happen within the local terminal session, it effectively prevents prompt injection attacks that could occur if permission changes were allowed via incoming WeChat messages.

Key Features

01Real-time status tracking of pending requests and authorized users

02Comprehensive allowlist management to add or remove specific WeChat IDs

03Secure pairing of WeChat users using 6-character verification codes

04Switchable security policies between 'pairing' and 'allowlist' modes

055 GitHub stars

06Terminal-only execution to prevent remote unauthorized permission changes

Use Cases

01Onboarding specific team members to access Claude via their private WeChat accounts

02Securing a personal Claude instance by restricting interactions to a verified allowlist

03Managing temporary access for testing Claude's mobile chat capabilities via WeChat

Key Features

01Real-time status tracking of pending requests and authorized users

02Comprehensive allowlist management to add or remove specific WeChat IDs

03Secure pairing of WeChat users using 6-character verification codes

04Switchable security policies between 'pairing' and 'allowlist' modes

055 GitHub stars

06Terminal-only execution to prevent remote unauthorized permission changes

Use Cases

01Onboarding specific team members to access Claude via their private WeChat accounts

02Securing a personal Claude instance by restricting interactions to a verified allowlist

03Managing temporary access for testing Claude's mobile chat capabilities via WeChat