wechat-auto-reply

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for WeChat automation, but it can read private chats and send messages automatically through broad macOS UI automation without enough built-in confirmation or containment.

Install only if you are comfortable giving the tool desktop automation and OCR access that can read WeChat conversations and send messages from your account. Review the Homebrew tap and installed script before use, prefer manual confirmation for every send, and avoid using it on sensitive or high-stakes conversations.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The documentation explicitly promotes reading chat content via OCR and automatically sending WeChat replies when an AI confidence threshold is met, but it does not clearly foreground the risks of privacy exposure or unintended outbound messages. In a messaging automation skill, that omission is security-relevant because users may enable behavior that can disclose sensitive information, mis-send responses, or act on incorrectly interpreted OCR content without adequate informed consent.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal