ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信操作手册

v1.0.0

微信朋友圈操作技能。用于打开朋友圈、浏览动态、滚动查看内容等。使用场景:(1) 打开朋友圈,(2) 滚动浏览朋友圈内容,(3) 查看好友动态,(4) 给朋友圈点赞评论

1· 88·0 current·0 all-time
by@islandlxl
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (WeChat Moments automation) align with the provided PowerShell automation steps: clicking taskbar icons, opening Moments, scrolling, sending keys, and initiating calls are all consistent with the stated capabilities.
Instruction Scope
The SKILL.md contains explicit PowerShell code that moves the mouse, clicks, scrolls, and sends keystrokes (SetCursorPos, mouse_event, SendKeys). These actions are coherent with GUI automation but are global (they affect the whole desktop) and use hard-coded coordinates/resolution assumptions. That means the script can mis-click other windows, send messages, or initiate calls if focus/resolution differ. The instructions do not read files, environment variables, or exfiltrate data to external endpoints.
Install Mechanism
Instruction-only skill with no install spec and no code files beyond the SKILL.md. Nothing is downloaded or written to disk by an installer—lowest install risk.
Credentials
No environment variables, credentials, or config paths are requested. The skill does not ask for unrelated secrets or cloud credentials.
Persistence & Privilege
always is false and the skill does not request system-wide persistence or modify other skills/config. Model invocation is enabled by default (normal for skills); consider restricting autonomous invocation if you want manual control.
Assessment
This skill will simulate your mouse and keyboard using fixed screen coordinates. Before installing or running it: (1) Review and understand the PowerShell code; (2) test it in a safe, non-critical session (or virtual machine) to adjust coordinates and timing for your display; (3) avoid running it while you use the computer because it can click/type into other apps and can send messages or place calls; (4) prefer manual invocation (disable autonomous runs) until you trust it; (5) do not run with elevated privileges and ensure you are present to abort if it behaves unexpectedly.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ahas1jav1z6tsaek4yr3y9s83dcaz

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments