Back to skill
Skillv1.0.0
ClawScan security
wxauto · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 9, 2026, 10:13 AM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill's code, docs, and runtime behavior align with its stated purpose of controlling a local wxautox4 REST API for WeChat; required binaries and file access match that purpose.
- Guidance
- This skill appears to do what it says — control a local wxautox4 REST API — but before installing: (1) verify you trust the wxautox4 PyPI package and the GitHub repo (run.py) the skill may execute, (2) be aware it will read ~/.wxautox/service_status.json and service config.yaml (which may contain tokens), and (3) change the default auth.token in the service config to a strong token if you expose the service. If you don't trust the repository or do not want a local process spawned from unreviewed code, don't run the start/install steps.
Review Dimensions
- Purpose & Capability
- okThe name/description (WeChat automation via wxautox4 REST API) matches the included Python script and SKILL.md. Requiring a local Python binary, optionally installing wxautox4, reading a local service status file, and starting a local run.py are all coherent with operating a local RESTful WeChat service.
- Instruction Scope
- noteSKILL.md and scripts instruct the agent to read ~/.wxautox/service_status.json, optional config.yaml, environment vars (WXAPI_*), and to start the local wxauto-restful-api by running run.py if needed. Those file reads and spawning of a local server are within the skill's scope, but note the script will execute run.py from a repository on disk (or one the user clones) which runs arbitrary code; this is expected for starting the service but is a point for the user to vet the service code.
- Install Mechanism
- noteThe SKILL.md recommends 'pip install wxautox4' (public PyPI package) and cloning a GitHub repo (github.com/cluic/wxauto-restful-api). No opaque download URLs or shorteners are used. Risk is moderate only because the skill can execute run.py from that repo (user should ensure the repo is trusted).
- Credentials
- okThe skill does not request unrelated secrets. It optionally reads WXAPI_BASE_URL, WXAPI_TOKEN, WXAPI_PORT, WXAPI_SERVICE_DIR, WXAPI_CONFIG and falls back to a local service_status.json or defaults. Access to those local tokens/configs is proportional to controlling the local API.
- Persistence & Privilege
- okThe skill is not marked always:true and doesn't attempt to modify other skills or global agent settings. It may start a background server process (run.py) as part of its function, which is expected and scoped to the service.