ClawHub

WeChat Desktop Sender

Security checks across malware telemetry and agentic risk

Overview

This skill matches its WeChat automation purpose, but it can send real messages in bulk and persist sensitive contact, message, screenshot, and UI data with limited safeguards.

Install only if you are comfortable letting an agent control your logged-in WeChat desktop session. Test with 文件传输助手 first, review every recipient list and message before sending, avoid unsolicited or large campaigns, and treat wechat_automation_logs as sensitive because it may contain contact names, message bodies, screenshots, and WeChat UI text.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (11)

Context-Inappropriate Capability

Medium
Confidence
94% confidence
Finding
The optional OCR verification captures the entire screen and runs text extraction across all visible content, which can collect unrelated sensitive information such as messages, emails, tokens, or documents. That exceeds the minimum privilege needed to verify a sent WeChat message and creates avoidable privacy and data-exposure risk, especially because OCR output may be logged or retained.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The failure screenshot function grabs the full desktop rather than the relevant WeChat window, so any visible confidential information from other applications can be unintentionally captured and stored. In an automation skill whose purpose is message sending, broad desktop capture is unnecessarily expansive and increases the chance of privacy leakage through log artifacts.

Context-Inappropriate Capability

Low
Confidence
82% confidence
Finding
Dumping and persisting the full WeChat control tree exposes a detailed map of the application's UI structure and potentially visible control labels, which is broader than needed for ordinary message sending. While primarily diagnostic, it can still leak sensitive metadata about the user's session or chats into log files if enabled.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill promotes batch, personalized, and template-based WeChat messaging without prominent safeguards about consent, recipient verification, privacy, or misuse for spam/outreach. In this context, desktop automation can rapidly send messages to many contacts or groups, increasing the risk of misdelivery, privacy violations, harassment, or unauthorized bulk messaging if invoked with the wrong file or target list.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The documentation describes serial batch messaging and notes that logs and a summary JSON are written, but it does not prominently warn users that they are initiating multi-recipient sends or that recipient/message metadata may be persisted to disk. In the context of a desktop messaging automation skill, this increases the risk of accidental mass messaging, privacy leakage through logs, and misuse for spam or unintended outreach.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
This documentation tells the user how to run a campaign script that sends messages to real WeChat contacts, but it does not clearly warn that execution will cause live outbound messages to be delivered. In an automation skill, that omission can lead to accidental mass or personalized outreach, privacy incidents, spam, or unintended business communication because users may treat the workflow as a dry run or test.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation shows how to automate sending WeChat desktop messages and explicitly includes debugging and OCR options, but it does not warn users that the tool will transmit messages to real recipients and may capture screenshots, UI trees, or OCR-derived artifacts containing chat content, contact names, or other sensitive data. In this context, the omission materially increases privacy and operational risk because users may enable debug features or test against live chats without understanding the data exposure.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The document explicitly instructs users how to send templated messages to multiple recipients with personalized fields, but it provides no guardrails around recipient consent, lawful use, rate limiting, or privacy handling of contact data. In the context of a WeChat desktop automation skill designed for serial batch outreach, this omission materially increases the likelihood of spam, unauthorized mass messaging, and misuse of personal data.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
This script performs serial batch sending of a user-supplied message to multiple WeChat contacts with no built-in confirmation gate, preview, rate-limit warning, or recipient sanity check in this file. In a desktop automation messaging skill, that increases the risk of accidental mass outreach, spam-like behavior, or misdelivery at scale if the contact list or message is wrong.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script logs the full contact list and writes per-recipient outcomes, including contact identifiers, timestamps, success state, and error details, to disk without any minimization or explicit privacy warning. These artifacts can expose sensitive relationship data and message-operation metadata to other local users, backup systems, or anyone with access to the log directory.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
This script stores full recipient identifiers and full message bodies in the in-memory results structure and then writes them to a JSON summary file on disk. In the context of a desktop WeChat bulk-messaging tool, that creates a clear privacy and data-exposure risk because sensitive outreach lists and message content may be recoverable from logs, backups, or other local users without any explicit warning or minimization.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal