微信MCP
Warn
Audited by ClawScan on May 18, 2026.
Overview
This skill can send WeChat messages through your logged-in desktop account and save chat screenshots locally, while its contact-targeting behavior is not safely verified.
Install only if you are comfortable giving an agent the ability to operate your desktop WeChat session. Keep WeChat on the intended chat, verify the recipient before every send, and delete any generated screenshot files if they may contain private conversations.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent or user could believe a message is going to a named contact, but the automation may send it to whatever WeChat chat is currently active.
When a target chat window is not found, the code falls back to a generic WeChat window and then sends by pressing Enter, which can send the message to the wrong active chat without confirmation.
if not win:
    wins = gw.getWindowsWithTitle("微信")
    for w in wins:
        if w.width > 500:
            win = w
            break
...
pyautogui.press('enter')
Require explicit user confirmation showing the detected recipient and message before sending; fail closed if the requested contact cannot be verified.
Any agent allowed to use this tool may be able to send WeChat messages from your account.
The MCP tool uses the user's active desktop WeChat identity to send messages as that user, but the artifacts do not define approval, recipient scope, or rollback controls.
"name": "wechat_send_message", "description": "给当前聊天窗口发送消息,不传contact则自动识别"
Limit which agents can invoke this tool, add per-message approval, and restrict sending to explicitly selected contacts.
Private WeChat content may remain on disk after the message action and could be read later by other tools or users with file access.
The code persists screenshots of WeChat contact, chat, input, and result areas as local files, which may contain private conversation content and are not documented with retention or cleanup rules.
img.save(str(Path(__file__).parent / "contact_name.png"))
...
img.save(str(Path(__file__).parent / "verify.png"))
...
input_img.save(str(Path(__file__).parent / "input_verify.png"))
...
img.save(str(Path(__file__).parent / "result.png"))
Avoid saving screenshots by default, store them only with explicit user consent, and provide clear cleanup and retention behavior.
Users may over-trust the skill's recipient targeting and send sensitive or embarrassing messages to the wrong person.
The documentation promises contact search/opening and safe recipient selection, but the provided server.py does not implement send_message_to_contact and can fall back to the current WeChat window.
Search for and open the contact's chat window
...
send_message_to_contact("联系人名称", "消息内容")
...
Ensure the reply is sent to the correct person
Correct the documentation and implementation so contact targeting is actually verified, or clearly state that it only sends to the currently active chat.
Installation may depend on whatever package versions are resolved in the user's Python environment.
The manual pip install is expected for a Python desktop automation skill, but the registry has no install spec and the package provenance/version locking is limited.
pip install pyautogui pygetwindow pillow pyperclip opencv-python
Install in an isolated environment and prefer pinned, reviewed dependencies.
