Wechat Qwen Reply

Security checks across malware telemetry and agentic risk

Overview

The skill has a coherent WeChat/Qwen purpose, but it relies on helper scripts that are missing from the package and therefore unreviewed, and it handles private chat screenshots, credentials, and potential auto-replies in ways that need review before use.

Before installing, inspect or obtain the missing PowerShell/AHK helper scripts, confirm that any WeChat sending requires explicit approval, use a dedicated DashScope API key, and only run it on chats whose contents may be shared with the external Qwen/DashScope service.

VirusTotal

VirusTotal findings are pending for this skill version.

Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI04: Agentic Supply Chain Vulnerabilities
Medium
What this means

The skill may depend on local helper code whose behavior, provenance, and safety controls are unknown to the installer.

Why it was flagged

The skill references PowerShell/AHK helper scripts for capture and sending, but the provided manifest includes only SKILL.md and scripts/qwen_vl_read.py, so core runtime behavior is not reviewable.

Skill content
`scripts/wechat_capture_fast.ps1` ... `scripts/wechat_capture_crop.ps1` ... `scripts/wechat_send_chat.ahk`
Recommendation

Include the helper scripts in the package, declare their dependencies, and make their capture/send behavior reviewable before installation.

ASI05: Unexpected Code Execution
Medium
What this means

Running the skill can execute unreviewed local PowerShell code with the user's permissions.

Why it was flagged

When the reader runs, it launches PowerShell scripts with execution-policy bypass; the script references are hardcoded, and the scripts themselves are not part of the reviewed package.

Skill content
`cmd = ["powershell", "-ExecutionPolicy", "Bypass", "-File"] + args`
Recommendation

Avoid execution-policy bypass where possible, package or verify the exact helper scripts, and require explicit user approval before running local automation.

ASI02: Tool Misuse and Exploitation
Medium
What this means

If the missing send helper is present locally, the skill could send unintended WeChat messages without a clearly reviewed approval flow.

Why it was flagged

The skill advertises automatic WeChat replies using AHK, which can send messages from the user's account, but the reviewed artifacts do not include the sender implementation or documented confirmation limits.

Skill content
`description: WeChat chat reader + auto-reply (Qwen-VL vision + AHK send)`
Recommendation

Document the exact auto-reply workflow, include the AHK sender code for review, and require per-message confirmation before sending.

ASI03: Identity and Privilege Abuse
Low
What this means

The skill can spend or use the configured DashScope account quota and exposes a dependency on a local secret file.

Why it was flagged

The script reads a DashScope API key from a hardcoded local secrets path and uses it as a bearer token, while registry metadata declares no credential requirement.

Skill content
`API_KEY_PATH = BASE / ".secrets" / "dashscope_api_key.txt"` ... `"Authorization": f"Bearer {api_key}"`
Recommendation

Use a dedicated limited-scope DashScope key, protect the secrets file, and declare the credential requirement in metadata.

ASI07: Insecure Inter-Agent Communication
Medium
What this means

Private chat content, filenames, red-packet cards, and visible contact information may leave the device for processing by the provider.

Why it was flagged

The captured WeChat screenshot is embedded as base64 image data and sent to the external DashScope/Qwen-VL API.

Skill content
`"url": f"data:image/png;base64,{img_b64}"` ... `"https://dashscope.aliyuncs.com/compatible-mode/v1/chat/completions"`
Recommendation

Use only with chats you are allowed to share, review DashScope retention/privacy terms, and avoid sending highly sensitive conversations.

ASI06: Memory and Context Poisoning
Low
What this means

A local copy of recent WeChat content remains on disk and could be read later by other tools or users with access to that workspace.

Why it was flagged

The script persists the most recent chat crop and recognized transcript to fixed local files.

Skill content
`last_crop = BASE / "qwen_last_crop.png"` ... `(BASE / "qwen_chat_last.txt").write_text(chat_text, encoding="utf-8")`
Recommendation

Store outputs in a user-approved location, document retention, and delete or protect these files after use.