ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat Local Data Reader

Read WeChat local data from SQLite databases. Supports listing contacts, chat sessions, searching messages, and viewing favorites. Use when the user needs to...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
16 · 2.7k · 10 current installs · 13 all-time installs
bylinyishan@AlphaFactor
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The skill name/description (read WeChat local SQLite data) aligns with the included Python script and documentation: it searches the WeChat data directory, opens SQLite databases in read-only mode, and exposes commands for contacts, sessions, search, favorites and stats. There are no unexpected external service credentials or unrelated binaries requested.
Instruction Scope
SKILL.md directs the agent/user to access the WeChat data directory and run the bundled script; all instructions focus on reading local DB files, handling permissions, and using only read-only SQLite mode. It explicitly advises closing WeChat if databases are locked and instructs granting macOS 'Full Disk Access' if needed — a sensitive but plausible requirement for accessing ~/Library/Containers. There are no instructions to transmit data externally or to read unrelated system files.
Install Mechanism
There is no install specification (no downloads or package installs). The skill includes a local Python script that the agent/user runs directly. No remote code fetch or archive extraction is present.
Credentials
The skill requests no environment variables, credentials, or config paths beyond the user-specified WeChat data directory. The only elevated permission the instructions recommend is granting terminal Full Disk Access on macOS, which is proportionate to the goal of reading files in ~/Library/Containers.
Persistence & Privilege
Flags show always:false (normal). disable-model-invocation is false, so the agent may invoke the skill autonomously — this is the platform default and not by itself a security problem, but it means an agent with permission could read local WeChat data when it chooses. Consider this when enabling autonomous agents.
Assessment
This skill appears to do what it claims: read local WeChat SQLite databases in read-only mode without contacting external services. Before installing or running it: (1) inspect the full script yourself (ensure there are no hidden network calls or obfuscated behavior), (2) run it only on your own device and only against databases you own, (3) back up the database files before use and close WeChat to avoid locks, (4) be cautious granting macOS Full Disk Access to your terminal (it gives broad access to other files), and (5) if you do not want an agent to automatically access your WeChat data, disable autonomous skill invocation or only call the skill manually. If you want higher assurance, request the complete untruncated source and verify there are no network/socket calls, subprocess.exec calls, or code that writes out extracted data to external locations.

Like a lobster shell, security has layers — review code before you run it.

Current versionv1.0.2
Download zip
latestvk978ysd7hf3r0gcgm5kn7c3pb982myv7wechatvk975zdm5xje8hgf23mx6w6eqt580e4m7

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

微信本地数据读取工具

安全读取微信本地 SQLite 数据库,获取联系人、聊天记录、收藏等信息。

⚠️ 重要声明:本工具仅读取本地数据,不会修改任何文件。仅供用户查看自己的微信数据使用。

支持平台

  • ✅ macOS (通过 ~/Library/Containers/com.tencent.xinWeChat/)
  • ⚠️ Windows (通过自定义路径)
  • ❌ iOS/Android (无法直接访问本地数据库)

前提条件

1. 确保微信在电脑上登录过

本工具读取的是电脑版微信的本地数据库文件。

2. 权限检查

# 检查是否有权限访问微信数据目录
ls -la ~/Library/Containers/com.tencent.xinWeChat/

如果权限不足,可能需要:

# 授予终端完全磁盘访问权限
# 系统设置 → 隐私与安全 → 完全磁盘访问权限 → 添加终端

使用方法

列出找到的数据库

python3 scripts/wechat.py list

查看联系人列表

python3 scripts/wechat.py contacts

输出示例:

👥 联系人列表 (50 个):

序号   昵称/备注              微信号
--------------------------------------------------
1      张三                   zhangsan123
2      李四(同事)             lisi_work
3      家人群                 chatroom_xxx

查看最近会话

python3 scripts/wechat.py sessions --limit 20

输出示例:

💬 最近会话 (20 个):

📌    家人群                  2024-01-15 20:30:15
      💬 [图片]

🔴 5  张三                    2024-01-15 19:45:22
      💬 明天见!

搜索消息内容

python3 scripts/wechat.py search "关键词" --limit 50

查看收藏内容

python3 scripts/wechat.py favorites --limit 20

查看统计数据

python3 scripts/wechat.py stats

输出示例:

📊 微信数据统计:

📁 contact: /Users/xxx/Library/.../Contact.sqlite
📁 session: /Users/xxx/Library/.../Session.sqlite
📁 chat: /Users/xxx/Library/.../Chat.sqlite

----------------------------------------
👥 联系人数量: 1234
💬 会话数量: 156
📨 消息数量: 45678
⭐ 收藏数量: 89

命令参考

命令功能示例
list列出数据库文件wechat.py list
contacts联系人列表wechat.py contacts --limit 50
sessions会话列表wechat.py sessions --limit 20
search搜索消息wechat.py search "关键词"
favorites收藏内容wechat.py favorites
stats统计信息wechat.py stats

自定义路径

如果微信安装在非默认位置:

python3 scripts/wechat.py --path /path/to/wechat/data contacts

Windows 路径示例:

python3 scripts/wechat.py --path "C:/Users/用户名/Documents/WeChat Files/" contacts

数据库说明

数据库内容说明
Contact.sqlite联系人信息微信号、昵称、备注
Session.sqlite会话列表最近聊天、未读消息
Chat.sqlite聊天记录消息内容、时间
Favorite.sqlite收藏内容收藏的消息、链接、笔记
Brand.sqlite公众号关注的公众号信息

技术说明

  • 使用 SQLite 只读模式 (mode=ro) 打开数据库
  • 所有操作均为查询,不会执行 INSERT/UPDATE/DELETE
  • 时间戳为毫秒级 Unix 时间戳,会自动转换为可读格式

常见问题

错误:Permission denied → 授予终端"完全磁盘访问权限": 系统设置 → 隐私与安全 → 完全磁盘访问权限 → 添加终端

错误:未找到数据库文件 → 确认微信已登录过,或指定自定义路径 --path

错误:database is locked → 关闭微信后重试(微信运行时可能锁定数据库)

读取的内容是加密的? → 部分字段可能经过加密,这是微信的安全机制

隐私与安全

  • ✅ 本工具只读取本地数据,不上传任何信息
  • ✅ 所有操作在本地完成
  • ✅ 需要用户明确授权才能访问数据目录
  • ⚠️ 读取的数据包含个人隐私,请妥善保管

参考

Files

3 total
Select a file
Select a file to preview.

Comments

Loading comments…