WeChat macOS Proxy

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: wechat-macos-proxy
Version: 1.1.1

The skill implements WeChat automation on macOS using high-risk GUI control and screen capture capabilities via the `peekaboo` utility and AppleScript. While the scripts (wechat_proxy.sh, config.sh) appear to function as described for messaging, chat reading, and history export, the requirement for Screen Recording and Accessibility permissions to access a private messaging app constitutes a significant security risk. No evidence of intentional malice or data exfiltration was found, but the bundle includes unusual maintenance scripts (check_feedback.sh, weekly_feedback_report.sh) that use the clawhub CLI to monitor the skill's status on the platform.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

A mistaken or over-eager agent action could send private or bulk messages from the user's WeChat account, including to groups or customers.

Why it was flagged

The script immediately sends messages through the active WeChat GUI and batch mode deliberately spaces sends to avoid platform risk controls, without an approval or verification step.

Skill content

peekaboo type "$message" --app "$WECHAT_APP_NAME" 2>/dev/null
...
peekaboo press return --app "$WECHAT_APP_NAME" 2>/dev/null
...
# Space out sends to avoid triggering risk controls
sleep 2

Recommendation

Add explicit user confirmation before every send or batch, show the resolved recipient and message, provide a dry-run mode, and avoid framing throttling as a way to bypass platform controls.

What this means

A crafted contact name or argument containing path separators could make the skill create directories or write export files outside the intended /tmp/wechat_proxy area.

Why it was flagged

The contact name is used directly as part of a filesystem path for exports, with no sanitization or canonical path check.

Skill content

local export_dir="$TEMP_DIR/export/$contact_name"
mkdir -p "$export_dir"
local md_file="$export_dir/${contact_name}_${timestamp}.md"
cat > "$md_file" << EOF

Recommendation

Sanitize contact names before using them in paths, replace slashes/control characters, and verify the canonical export path stays inside the intended export directory.

What this means

These permissions let the automation view the screen and drive UI actions with the user's existing WeChat identity.

Why it was flagged

The documented setup asks the user to grant broad macOS screen-capture and accessibility permissions so the tool can operate the user's logged-in WeChat session.

Skill content

# Add peekaboo and enable the Screen Recording permission
...
# Add the terminal and enable the Accessibility permission

Recommendation

Only grant these permissions if you trust the skill and its dependencies; revoke them when not needed and prefer a dedicated, low-risk WeChat account for automation.

What this means

Private chats, message text, and possibly other visible desktop content can remain on disk after reads, exports, checks, or listening.

Why it was flagged

Screenshots and logs are written under /tmp, and the screenshot helper captures the full screen rather than only a minimized chat region.

Skill content

TEMP_DIR="/tmp/wechat_proxy"
LOG_FILE="$TEMP_DIR/wechat_proxy.log"
...
peekaboo image --mode screen --path "$output_path"
...
screencapture -x "$output_path"

Recommendation

Use a private per-user directory with restrictive permissions, limit screenshots to the WeChat window/chat area, avoid logging message contents, and add automatic cleanup or retention settings.

What this means

If started and forgotten, the listener may keep monitoring WeChat and creating screenshots longer than intended.

Why it was flagged

Listen mode creates a PID file and runs a continuous monitoring loop until the stop command removes the PID file.

Skill content

echo $$ > "$TEMP_DIR/listener.pid"
...
while [ -f "$TEMP_DIR/listener.pid" ]; do
...
sleep 1
done

Recommendation

Use listen mode only when needed, run the provided stop command afterward, and consider adding a maximum runtime or inactivity timeout.

What this means

The safety of the automation depends partly on the installed peekaboo package and its updates.

Why it was flagged

The skill depends on external Homebrew packages, including a third-party tap, which is expected for the stated GUI automation but is not pinned in the artifacts.

Skill content

brew install steipete/tap/peekaboo jq

Recommendation

Install dependencies from trusted sources, review the peekaboo project/tap before granting permissions, and consider pinning known-good versions.