ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat Qwen Reply

WeChat chat reader + auto-reply (Qwen-VL vision + AHK send). Supports fast/slow capture, group nickname labels, file/red-packet cards, and filtering system m...

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 17 · 0 current installs · 0 all-time installs
by@chenxundaozu
MIT-0
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The skill claims WeChat chat reader + auto-reply, but the included code only performs capture→OCR→print/save flow. SKILL.md references PowerShell capture scripts and an AHK sender (wechat_capture_fast.ps1, wechat_capture_crop.ps1, wechat_send_chat.ahk), yet those files are not present in the bundle. The script also uses a hardcoded workspace path (C:\Users\chenxun\.nanobot\workspace) and a default contact name, which suggests it was left tied to the developer's environment rather than being generalized. Asking for AHK and PowerShell seems plausible for the stated purpose, but the absence of those scripts and hardcoded paths is incoherent.
!
Instruction Scope
The Python script will call PowerShell (ExecutionPolicy Bypass) to run capture scripts, read a local API key file at a hardcoded path, save/replace files under that same workspace, and then upload an embedded base64 PNG to https://dashscope.aliyuncs.com for OCR. Sending screenshots to a remote API is expected for OCR but is sensitive data exfiltration of chat images. The SKILL.md and script reference several local files and the AHK sender; the agent instructions do not declare or explain handling of sensitive data or permissions. The script will abort if the API key file is missing; there is a mismatch with the registry metadata which declared no required env/configs.
Install Mechanism
There is no install spec (instruction-only + single Python script), which reduces installation risk. However, runtime behavior executes PowerShell with ExecutionPolicy Bypass (to run external .ps1 scripts) and expects to call AHK; those runtime actions can execute arbitrary code if the referenced scripts are replaced or malicious, so verify the capture/send scripts before running.
!
Credentials
The package metadata lists no required credentials, but the script requires an API key file stored at a hardcoded path under C:\Users\chenxun\.nanobot\.secrets\dashscope_api_key.txt. This is an undeclared credential requirement and uses a developer-specific username/path. The skill also writes outputs into that workspace, potentially overwriting files. The credential access is not proportionally declared or configurable via environment variables.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It does execute external scripts (PowerShell, AHK) and writes files to a workspace folder, but it does not alter other skills or system-wide configs in the provided code.
What to consider before installing
This skill appears to be an OCR-based WeChat reader but is incomplete and tied to the developer's local paths. Before using: (1) do not run it as-is — the package is missing the referenced .ps1 and .ahk scripts and uses a hardcoded C:\Users\chenxun path; (2) inspect or provide your own capture (.ps1) and send (.ahk) scripts and place them in a safe workspace you control; (3) move the API key out of a hardcoded file into a properly scoped secret (or at least confirm the expected file location) and verify the dashscope endpoint is legitimate for your account; (4) be aware the script will upload full screenshots (sensitive chat contents) to an external service — only proceed if you're comfortable with that data leaving your machine; (5) consider running in an isolated/test environment first and ask the author for a cleaned, configurable version (no hardcoded user paths, documented dependencies, and explicit declaration of required secrets). If you cannot verify these issues, treat the package as untrusted.

Like a lobster shell, security has layers — review code before you run it.

Current versionv0.1.1
Download zip
ahkvk97c7gjqd22vht3ezrayvsng998368ncautomationvk97c7gjqd22vht3ezrayvsng998368ncchatvk97c7gjqd22vht3ezrayvsng998368nclatestvk97c7gjqd22vht3ezrayvsng998368ncqwen-vlvk97c7gjqd22vht3ezrayvsng998368ncvisionvk97c7gjqd22vht3ezrayvsng998368ncwechatvk97c7gjqd22vht3ezrayvsng998368nc

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

SKILL.md

WeChat Qwen Reply

快速开始

1) 读聊天文本(默认快模式)

python scripts/qwen_vl_read.py "群名或联系人"

2) 稳模式(全屏截图+裁剪)

python scripts/qwen_vl_read.py "群名或联系人" --slow

3) 调试输出最近截图

python scripts/qwen_vl_read.py "群名或联系人" --debug

关键说明

  • 依赖 AHK v2、微信 PC、Python 3.12
  • DashScope API Key 存在:C:\Users\chenxun\.nanobot\workspace\.secrets\dashscope_api_key.txt
  • 默认快模式:直接截聊天区域(更快);若坐标不准可改用 --slow
  • 截图坐标(已校准):左上 (386,68),右下 (1891,842)

脚本说明

  • scripts/qwen_vl_read.py:读取聊天文本(Qwen-VL)
  • scripts/wechat_capture_fast.ps1:快模式截图
  • scripts/wechat_capture_crop.ps1:稳模式截图
  • scripts/wechat_send_chat.ahk:发送消息(剪贴板粘贴,避免标点错乱)

输出

  • 最近一次识别文本:C:\Users\chenxun\.nanobot\workspace\qwen_chat_last.txt
  • 最近一次裁剪图:C:\Users\chenxun\.nanobot\workspace\qwen_last_crop.png

提示词逻辑(已内置)

  • 顺序:从上到下(旧→新)
  • 识别:绿色气泡=我,白色气泡=对方;颜色不清晰则参考左右位置
  • 群聊:尽量标注具体昵称
  • 文件/红包卡片:标注发送方并写明【文件卡片】/【红包卡片】
  • 系统提示:不输出

Files

2 total
Select a file
Select a file to preview.

Comments

Loading comments…