ClawHub

WeChat macOS Proxy

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can operate a live WeChat account, send messages in bulk, and save private chat screenshots locally without strong safeguards.

Install only if you are comfortable granting screen recording and accessibility control to a WeChat automation tool. Use it on accounts and machines where this level of access is acceptable, review every recipient and CSV before sending, avoid unattended bulk-send or auto-reply workflows, and delete /tmp/wechat_proxy plus related feedback/report logs after handling private chat data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The skill can read and export WeChat content using screenshots, which may capture sensitive personal, business, or regulated data without an explicit, prominent privacy warning. In this context, the combination of screen recording permission plus chat export increases the risk of unintentional over-collection, local data leakage in /tmp or exported files, and misuse by downstream automation or AI summarization.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
Continuous monitoring and optional automatic replies can affect real user communications without sufficient warning about the risks of misfires, unintended responses, spam-like behavior, or disclosure of sensitive information. In a messaging skill, this is more dangerous because actions directly impact external parties and can create reputational, compliance, or account-enforcement consequences if the automation behaves incorrectly.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The batch-send flow transmits messages from a CSV immediately, with no dry-run, preview, recipient verification, rate-limit safety, or explicit confirmation before each run. In an agent skill context, this increases the risk of accidental spam, misdelivery to unintended contacts due to GUI search ambiguity, and abusive mass messaging if invoked by an untrusted workflow.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The export function captures chat screenshots and writes them to disk under a predictable export directory without any privacy notice, consent check, retention control, or access restriction. Because chat content may contain sensitive personal or business information, this creates a real confidentiality risk through unintended local persistence and later exfiltration by other tools or users on the system.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal