ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Read CN

v2.2.0

Read chat history from a WeChat contact or group via macOS desktop client screenshot + agent OCR. Use when the user asks to read, view, check, or retrieve We...

0· 114·0 current·0 all-time
byLnation@chuntong007
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the implementation: macOS-only UI automation + screenshots + Vision OCR. Required binary (cliclick) and macOS-specific tooling (osascript, screencapture, swift/ Vision) are appropriate and proportional for this function.
Instruction Scope
Runtime instructions and scripts perform UI automation (activate/resizes WeChat, paste search text, press keys), take screenshots, run local OCR via Swift Vision, and write/read files under /tmp (e.g., /tmp/wechat_read_search.png, /tmp/wechat_read_p*.png, /tmp/wechat_read_clip.txt). These actions are expected for the stated goal but require Accessibility and Screen Recording permissions and will touch the clipboard and temporary files (sensitive user data). There are no instructions to send data to external network endpoints.
Install Mechanism
Install spec is a single brew formula (cliclick). No downloads from arbitrary URLs, no npm/go artifacts, and the skill ships its scripts as plain shell files. Install mechanism is standard and proportionate.
Credentials
No environment variables or credentials are requested. The scripts require macOS permissions (Accessibility, Screen Recording) which are necessary for UI automation and screenshot capture; this is proportional to the feature.
Persistence & Privilege
always is false and the skill does not request to persist or modify other skills or system-wide settings. It runs ad-hoc UI automation and writes temporary files only; autonomous invocation is allowed by default but not exceptional here.
Assessment
This skill legitimately automates the WeChat desktop app and OCRs screenshots. Before installing: (1) Confirm you want to grant Accessibility and Screen Recording to the agent/terminal (these permissions let it control apps and capture your screen). (2) Be aware the scripts paste the contact name into the clipboard and write screenshots and a temporary clipboard file under /tmp — those may contain sensitive chat data; clear the clipboard/temporary files afterward if desired. (3) There are no network exfiltration indicators in the code, but review the scripts yourself if you have additional privacy concerns and test with a non-sensitive account first. (4) If you no longer need it, revoke Accessibility/Screen Recording and uninstall cliclick.

Like a lobster shell, security has layers — review code before you run it.

latestvk976qbwpdyag4rrp0bn31w147d84w87n

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

📖 Clawdis
OSmacOS
Binscliclick

Install

安装 cliclick(brew)
Bins: cliclick
brew install cliclick

Comments