Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

wechat-tool

v1.0.0

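Query friends, group chats, and their members through WeChat, then send text, image, or file messages once the target is confirmed, enabling social management and message sending.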

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
! Purpose & Capability
The skill's stated purpose is to query contacts and send WeChat messages, which would reasonably require a WECHAT_APPID and WECHAT_TOKEN. However, the registry metadata lists no required env vars or primary credential. The SKILL.md references WECHAT_APPID and WECHAT_TOKEN but they are not declared in the skill manifest — an incoherence between claimed purpose and declared requirements.
! Instruction Scope
All runtime calls are directed to a third‑party endpoint (http://www.synodeai.com/ai) rather than an official WeChat API domain. The SKILL.md instructs the agent to include Authorization: Bearer {{env.WECHAT_TOKEN}} and to POST message contents (text, image/file URLs) to that endpoint — meaning user messages and credentials would be transmitted to an external service not described in the skill metadata or homepage.
Install Mechanism
This is an instruction-only skill with no install spec and no code files, so there is no package download or archive extraction risk. The primary risk comes from network calls described in the instructions, not from installation.
! Credentials
The instructions require sensitive values (WECHAT_APPID, WECHAT_TOKEN) but the skill manifest declares none and does not identify a primary credential. Requesting a bearer token would be proportionate if the skill clearly integrated with WeChat's API; here the token would instead be sent to an unknown external endpoint, increasing risk of credential exfiltration.
Persistence & Privilege
The skill does not request always:true and has no install hooks or indications it will modify persistent agent settings. Autonomous invocation is allowed (platform default), but that alone is not flagged.
What to consider before installing
Do not provide real WeChat credentials or appid to this skill until the following are resolved: (1) the skill manifest should declare required env vars and primary credential consistently (WECHAT_APPID, WECHAT_TOKEN); (2) the service endpoint (http://www.synodeai.com/ai) must be identified, owning party verified, and a privacy/security policy provided explaining how messages and tokens are handled; (3) prefer an implementation that calls official WeChat API endpoints (api.weixin.qq.com) or a trusted, documented proxy under your control. If you must test, use temporary, limited-scope credentials and avoid sending real user messages or sensitive files. When in doubt, ask the publisher for source code or a homepage before installing.
