v1.0.0

WeChat Automatic Sending to a Specified Contact

Review: ClawScan verdict for this skill. Analyzed May 1, 2026, 7:41 AM.

Analysis

This skill openly automates sending WeChat messages, but it should be reviewed because it can act through the logged-in account and may keep sending keystrokes even if the WeChat window is not safely focused.

Guidance: Review this skill before installing. It is not showing evidence of hidden exfiltration or destructive behavior, but it has real authority to send WeChat messages as you and uses broad desktop automation. Only use it for explicit, reviewed messages, confirm the recipient, avoid secrets, and do not enable scheduled or bulk sending unless you can easily monitor and stop it.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Medium, Confidence: High, Status: Concern
wechat_auto_send.py
    except Exception as e:
        print(f"[警告] 聚焦窗口失败: {e}")
        return True  # keep trying

If focusing the WeChat window throws an exception, the script deliberately continues, then later uses clipboard paste and Enter keystrokes to send the message.

User impact: A message or command could be pasted and submitted in the wrong application or wrong chat if the WeChat window is not actually active.
Recommendation: Fail closed when WeChat cannot be focused, verify the active window and selected recipient before sending, and require a final user confirmation before pressing Enter.
Rogue Agents
Severity: Low, Confidence: High, Status: Note
OPENCLAW_USAGE.md
Can be combined with OpenClaw's cron feature to implement scheduled sending

The documentation describes configuring scheduled recurring WeChat sends. The package does not create this persistence automatically, but the supported workflow can run without per-send review if the user enables it.

User impact: A scheduled or recurring configuration could keep sending messages later, including if the message template or recipient is wrong.
Recommendation: Use scheduled sending only with clear limits, visible review, and an easy way to disable the job.
Agentic Supply Chain Vulnerabilities
Severity: Low, Confidence: High, Status: Note
requirements.txt
pyautogui>=0.9.53
pygetwindow>=0.0.9
pyperclip>=1.8.2

The skill relies on PyPI packages with minimum-version constraints rather than exact pins; these packages are expected for desktop automation but should be installed knowingly.

User impact: Installing or updating dependencies could pull newer package versions that have not been reviewed with this skill.
Recommendation: Pin dependency versions in a lockfile and document the required Python/runtime setup in the registry metadata or install spec.
Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
Severity: Medium, Confidence: High, Status: Note
README.md
WeChat client is installed and logged in

The skill depends on an already logged-in WeChat client, so actions are performed under the user's WeChat identity rather than through a separate scoped permission.

User impact: Any sent message appears to come from the user's WeChat account and may affect personal or business relationships.
Recommendation: Use only for messages the user explicitly requested, confirm the recipient and text for important or external contacts, and avoid granting unattended use.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
Severity: Low, Confidence: High, Status: Note
wechat_auto_send.py
print(f"消息内容: {message}") ... pyperclip.copy(message)

The message content is printed to output and copied into the system clipboard, which may persist after the script completes or be visible in logs.

User impact: Sensitive text placed in the message could remain in clipboard history or logs.
Recommendation: Do not use this skill for passwords, keys, or confidential data; consider clearing the clipboard and suppressing full-message logging after sending.