Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
ClawPhone WeChat Control
v1.0.0处理微信会话列表、进入聊天、发送消息、处理微信内弹窗与聊天页失败排查。适用于用户要求查看微信消息、回复联系人、转发、处理聊天输入框或发送失败时。执行时必须先确认当前在微信的哪个页面,再按聊天场景一步一验。
⭐ 0· 239·0 current·0 all-time
byCLOUD BOY@be1human
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description and SKILL.md are coherent: the skill's instructions directly implement WeChat UI automation (launch_app('com.tencent.mm'), click_by_text, type_text, set_clipboard, screenshots, long-press/paste). However the metadata declares no required binaries, env vars, or permissions even though the runtime assumes device-control primitives (app launch, screenshot, clipboard, click_by_text, long-press). The lack of an explicit declaration of these capabilities/permissions is a mismatch worth noting.
Instruction Scope
Instructions repeatedly mandate taking screenshots and using the clipboard as verification/backup. Those actions can capture sensitive message contents and other on-screen data. SKILL.md does not limit what is captured, does not instruct how screenshots/clipboards are stored/retained/transmitted, and gives no user-consent or safety checks. While the steps stay within the stated task (WeChat automation), they create a high-risk surface for private data exposure.
Install Mechanism
This is an instruction-only skill with no install spec and no code files. That is the lowest install risk and consistent with the SKILL.md being runtime instructions only.
Credentials
The skill declares no environment variables or credentials, which is appropriate for a local UI automation instruction set. However it implicitly requires platform/device permissions (screenshot capture, clipboard write/read, ability to launch and interact with apps) that are not declared in metadata; the omission reduces transparency about what access will be needed.
Persistence & Privilege
always is false (good). The skill can be invoked autonomously (default) — combined with its need for sensitive device-level access this increases risk if the agent runs without explicit user confirmation. There is no instruction to require explicit, per-action user consent or to avoid uploading captured screenshots/clipboard contents.
What to consider before installing
This skill appears to do what it says: automate WeChat UI actions. However it instructs the agent to take screenshots and manipulate the clipboard (which can capture private messages) and to verify foreground app state — sensitive actions that could expose user data. Before installing: (1) confirm the agent runtime will require and enforce explicit device permissions (screenshot, clipboard, app control) and will only grant them with user consent; (2) require the skill to declare the exact capabilities it needs; (3) insist on safeguards: do not upload screenshots/clipboard content off-device, keep transient verification data ephemeral, log actions for audit, and require per-invocation user confirmation for reading or sending messages; (4) test in a non-sensitive account first. If those controls are not possible or you don't trust the runtime, do not enable this skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97e6nefn4kmk7aw8atpdjdtc1831gcn
License
MIT-0
Free to use, modify, and redistribute. No attribution required.