Wechat Voice
Security checks across malware telemetry and agentic risk
Overview
This appears to be a coherent local WeChat voice transcription helper, with no evidence of credential use, exfiltration, persistence, or destructive behavior.
Before installing, confirm you are comfortable with local processing of WeChat voice attachments, installing the documented Python packages, and using ffmpeg on received audio files. Keep output paths temporary and review dependencies if the audio may be sensitive.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may require fetching third-party Python packages whose exact versions are not fixed.
The skill relies on external Python packages installed without pinned versions. This is purpose-aligned for SILK decoding and Whisper transcription, but dependency provenance and future package changes matter.
python3 -m pip install --user silk-python faster-whisper
Install dependencies from trusted sources, consider pinning versions, and review package provenance in environments that handle sensitive voice messages.
The skill will process local audio files and may overwrite its configured WAV output file.
The helper invokes ffmpeg on a supplied local audio path and overwrites the chosen WAV output path. This is expected for media conversion, but it is still local tool execution on attachment content.
['ffmpeg', '-y', '-i', str(src), str(wav)]
Use it only for intended inbound audio attachments, keep output paths in a safe temporary location, and avoid passing arbitrary protected file paths as output.