Wechat Qwen Reply
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The skill's real screen-capture or message-sending behavior may depend on local files that were not supplied for review.
The script executes PowerShell helper files from a hard-coded workspace, but the supplied manifest only includes SKILL.md and qwen_vl_read.py; the capture and AHK send helpers referenced by the skill are not reviewable here.
ps_script = "wechat_capture_fast.ps1" if fast_mode else "wechat_capture_crop.ps1" ps_args = [str(BASE / ps_script), "-Contact", contact] crop_path = run_ps(ps_args)
Only use this after inspecting the referenced .ps1 and .ahk files, and prefer packaging them with the skill using relative paths and versioned provenance.
Unreviewed local PowerShell code could run with the user's permissions when the skill is used.
The skill launches PowerShell with ExecutionPolicy Bypass. Running helper scripts is related to screenshot capture, but the bypass plus absent helper source makes the executed behavior insufficiently bounded.
cmd = ["powershell", "-ExecutionPolicy", "Bypass", "-File"] + args res = subprocess.run(cmd, capture_output=True, text=True)
Remove the bypass if possible, include the helper scripts in the reviewed package, and require explicit user approval before running local automation.
A mistaken or incomplete invocation could capture and send the wrong private chat to the vision provider.
If no contact is provided, the script silently falls back to a specific hard-coded WeChat contact/group instead of refusing to run.
contact = "华工学术嫡长子"
for a in args:
if not a.startswith("--"):
contact = a
breakRequire an explicit contact argument and fail safely when it is missing.
The skill uses the user's DashScope account quota and authority to process chat screenshots.
The skill reads a local DashScope API key even though registry metadata declares no primary credential or required environment variable. This is expected for Qwen-VL access but under-declared.
API_KEY_PATH = BASE / ".secrets" / "dashscope_api_key.txt"
api_key = API_KEY_PATH.read_text(encoding="utf-8").strip().lstrip("\ufeff")Declare the required credential in metadata and let users configure the key path rather than hard-coding a user-specific location.
Private WeChat messages, names, files/red-packet cards, or other visible information may be processed by an external provider.
The captured WeChat screenshot is base64-embedded and sent to the DashScope/Qwen-VL API. This is purpose-aligned for visual OCR, but it means private chat content leaves the local machine.
"https://dashscope.aliyuncs.com/compatible-mode/v1/chat/completions"
{"type": "image_url", "image_url": {"url": f"data:image/png;base64,{img_b64}"}}Use only with conversations you are comfortable sending to DashScope, and disclose this data flow clearly before use.
Recent private chat content may remain on disk after the task finishes.
The skill persists the latest chat screenshot and recognized text to fixed files in the workspace.
last_crop = BASE / "qwen_last_crop.png" Path(crop_path).replace(last_crop) (BASE / "qwen_chat_last.txt").write_text(chat_text, encoding="utf-8")
Store outputs in a user-selected location or provide a clear cleanup option, especially for sensitive chats.