Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
WeChat Auto Reply
v1.0.1 · Automatic sending / semi-automatic replying of WeChat messages. When sending a message proactively, it follows this sequence: search for the contact → for a one-to-one chat, press Enter to open the chat directly; for a group chat, first identify the group-chat section of the results and then locate the target entry → paste the message → send. Intended for macOS with the WeChat desktop client; permissions and dependencies must be configured on the local machine. Usage: wechat-auto-reply "联系人名称" or wechat-auto-repl...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
The name/description (WeChat auto reply on macOS) aligns with the included files and runtime actions: AppleScript + osascript calls, macOS Vision OCR, screencapture, and cliclick-driven UI automation. Requested permissions (Accessibility) and tools (cliclick, Vision, screencapture) are appropriate for the stated goal.
Instruction Scope
SKILL.md and the shell wrapper expect an AppleScript file wechat-dm.applescript to exist and be used for the main CLI; that file is referenced in multiple places but is not present in the package. Some scripts also embed developer-local paths (e.g., VENV_PY = "/Users/chuck/.venvs/pyobjc/bin/python") and hard-coded click coordinates which indicate per-machine calibration is required. These inconsistencies mean the provided instructions may not work as-is and could lead users to run or fetch additional files from external sources.
Install Mechanism
There is no formal install spec in the registry package (instruction-only install), but SKILL.md recommends a third-party Homebrew tap (bjdzliu/openclaw). That recommendation is plausible but not enforced by the package metadata—users would need to trust and inspect that tap. No network endpoints or downloads are present in the included code files, lowering code-execution risk from remote fetches, but the brew tap advice introduces a potential external trust decision.
Credentials
The skill requests no environment variables or credentials, which is appropriate. Caveats: scripts expect cliclick at /usr/local/bin and use /usr/sbin/screencapture and macOS Vision—the absolute paths and a leftover developer venv path (/Users/chuck/...) are packaging artifacts that should be adjusted for the target machine. The skill requires Accessibility permission, which is necessary for UI automation but is a high-privilege capability that users must consciously grant.
Persistence & Privilege
The skill does not declare always:true and does not request to modify other skills or global agent settings. It operates locally and requires user-granted macOS Accessibility permission; it does not request background persistence beyond normal installation locations described in SKILL.md.
What to consider before installing
This package appears to implement WeChat UI automation on macOS, which reasonably needs Accessibility permission, cliclick, screencapture, and Vision OCR. Before installing:
- Do NOT grant Accessibility permission until you trust the scripts. UI automation can read and control your screen and keyboard.
- The package references a wechat-dm.applescript file but that file is not included—installation as provided will fail. Ask the author or the tap for the missing AppleScript and inspect it before running.
- The README suggests installing from a third-party Homebrew tap (bjdzliu/openclaw). Only add and install from taps you trust and inspect the formula contents.
- Inspect the AppleScript and any Homebrew formula for network or credential usage. The included Python and shell files do not perform network calls or credential exfiltration, but the missing AppleScript could change that behavior.
- Be prepared to calibrate hard-coded click coordinates and to install cliclick and pyobjc dependencies in a safe environment first. The repo also contains developer-local paths (e.g., /Users/chuck/.venvs/...), a sign of incomplete packaging.
If you want to proceed, request the missing wechat-dm.applescript and the Homebrew formula source, review them, and test in a non-critical account or VM before granting Accessibility to the scripts.
Version: latest · vk979dahkvc2x18gj3a8veny4qs84h4js
