wechat-skill
Security checks across malware telemetry and agentic risk
Overview
The skill is purpose-aligned for sending WeChat messages, but it can send from the active WeChat session without an in-tool recipient/confirmation check and it stores chat screenshots locally.
Install only if you are comfortable with a tool controlling your WeChat desktop session. Before each use, confirm the active chat, recipient, and exact message, and consider deleting the generated PNG screenshots and clearing the clipboard after sending.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent invokes the tool at the wrong time or the wrong WeChat chat is active, it could send a message as the user to an unintended recipient.
The MCP tool only requires message text, then invokes the current-window send routine, which presses Enter and clicks the send button. There is no enforced recipient parameter or confirmation gate in the tool itself.
"required": ["message"] ... success, err = send_message_to_current(message) ... pyautogui.press('enter') ... pyautogui.click(send_x, send_y)
Require an explicit just-before-send confirmation that includes recipient and exact message, and ideally add a tool-level confirmation/recipient check or draft-only mode before pressing send.
Messages sent by this skill appear as if the user sent them directly from their WeChat account.
The skill is designed to operate the user's already-open WeChat desktop session, meaning messages are sent under the user's WeChat identity.
The WeChat window must remain open 2. The WeChat window is automatically activated when a message is sent
Use it only when you are comfortable delegating WeChat sending authority, and verify the active account, recipient, and message before each send.
Private WeChat content or the outgoing message may remain accessible locally after the task, including in PNG files or the clipboard.
The skill copies outgoing message text into the system clipboard and saves WeChat window/input/result screenshots in the skill directory, which may contain private chats, contacts, or message content.
pyperclip.copy(message) ... img.save(str(Path(__file__).parent / "verify.png")) ... input_img.save(str(Path(__file__).parent / "input_verify.png")) ... img.save(str(Path(__file__).parent / "result.png"))
Avoid saving screenshots by default, store any needed previews in a temporary location, delete them after use, and restore or clear the clipboard after sending.
Future installs could resolve to different package versions than the author tested.
The skill depends on external Python packages with lower-bound version ranges rather than pinned exact versions.
pyautogui>=0.9.54 pygetwindow>=0.0.9 pytesseract>=0.3.13 Pillow>=12.1.0 pyperclip>=1.11.0 opencv-python>=4.13.0
Prefer pinned, reviewed dependency versions or install in an isolated Python environment.
