ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Auto Reply (V26 Safe)

v1.1.0

Monitors a detached WeChat Mac window via OCR and automatically replies using a customizable AI persona with safety locks to prevent interference.

0· 100·0 current·0 all-time
by@jarryxin
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The code and SKILL.md functionality (monitor Mac WeChat UI via screenshots, OCR via 'summarize', generate replies via 'gemini', simulate keystrokes/clipboard and provide a Flask dashboard) are coherent with the skill name/description. However the registry metadata declares no required binaries or credentials while the SKILL.md and code explicitly require several external CLIs ('peekaboo', 'summarize', 'gemini'), macOS Screen Recording/Accessibility permissions, and a Gemini API key. The omission in metadata is an inconsistency and reduces transparency.
!
Instruction Scope
Runtime instructions and code perform broad UI automation: capturing screenshots of the WeChat window, writing state and history under ~/.openclaw/workspace, injecting clipboard contents, simulating paste/Return keystrokes, and running long-lived monitor loops that auto-send messages. The dashboard asks the user to provide a Gemini API key via the UI. The code calls external CLIs (summarize/gemini) which will likely send image/text to remote LLM/vision services — this external network activity is not spelled out in the registry metadata. All of these behaviors go beyond innocuous helpers and should be understood before use.
!
Install Mechanism
There is no install spec (instruction-only in registry), yet the bundle includes Python scripts and a requirements.txt (flask). More importantly, the code depends on non-Python CLIs ('peekaboo', 'summarize', 'gemini', native 'sips', 'screencapture') that are not declared as required binaries. That mismatch is a red flag: runtime will fail or behave unexpectedly if these tools differ in provenance or aren't installed, and the skill gives no guidance on obtaining/verifying them.
!
Credentials
The registry lists no required environment variables or primary credential, but SKILL.md and the dashboard explicitly require a Gemini API key (entered into the web UI). The code likely writes state and parsed JSON (including 'accumulated_history') to files under ~/.openclaw/workspace — the dashboard may persist the API key or pass it to child processes. Secrets handling is not declared or explained, which is disproportionate to the metadata and creates risk of secret persistence/exposure.
Persistence & Privilege
The skill does not set always:true and is user-invocable (normal). It runs long-lived monitoring loops and writes state under the user's home (~/.openclaw/workspace/memory/wechat_skill). It requires macOS Accessibility and Screen Recording permissions to perform keystroke/clipboard automation — these are necessary for the stated purpose but grant high local privileges (ability to send arbitrary UI input and read screen contents).
What to consider before installing
This package's code implements the WeChat auto-reply behavior described, but the registry metadata is incomplete: the SKILL.md and scripts require external CLIs (peekaboo, summarize, gemini), macOS Screen Recording and Accessibility permissions, and a Gemini API key that the dashboard asks you to enter. Before installing or running: - Verify the source and integrity of the external CLIs (peekaboo, summarize, gemini). The scripts will call them and those tools may send images/text to remote services. - Inspect dashboard.py to see how the API key is stored/used; avoid entering long-lived/high-privilege keys unless you confirm they are stored safely (the code likely writes to ~/.openclaw/workspace files). - Be aware the skill simulates keystrokes and manipulates the clipboard, which can send arbitrary text/files from your machine — test first with a throwaway WeChat account and minimal permissions. - If you need this functionality, consider creating an isolated macOS user account or VM for running it, use an ephemeral API key (least privilege), and verify the provenance of any third-party CLI binaries before use. Because required binaries and secret handling are not declared in the registry, treat this as suspicious until you confirm where the external tools come from and how the API key is protected.

Like a lobster shell, security has layers — review code before you run it.

latestvk978fksqbxeydbbhmg1nr92xed83kd8r

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments