wxwork-rpa

The skill is plausibly an RPA for 企业微信 but contains anti-detection and low-level HID emulation code, plus an undocumented network/AI integration — these mismatches and evasion features warrant caution before installing.

This package appears to implement the claimed 企业微信 UI automation, but several red flags mean you should be cautious: - Anti-detection & HID code: The scripts include deliberate randomization, pattern changes, and attempts to enumerate/use HID devices. Those features are used to evade automated-detection and can enable stealthy automated messaging — consider whether you want that capability in your environment. - Network/API mismatch: SKILL.md and code include support for sending message text to an external AI endpoint (CHAT_API_URL/CHAT_API_KEY). The README also claims "all operations are local," which contradicts the network integration. Only set API keys to endpoints you fully trust, and review the code paths that call requests to see what data is sent. - Undeclared credentials: The registry metadata does not declare required environment variables, yet the instructions ask you to provide API URL/key. This is an incoherence — treat API keys as sensitive. - High-permission operations: The tool requires Accessibility and Screen Recording permissions (macOS) and will access the clipboard, take screenshots, and may store logs/screenshots locally. Run it only on accounts/systems where that is acceptable. Recommended actions before installing or running: 1) Review the full wechat.py and scripts to identify exactly when and what is sent to any external endpoints (search for requests.post/get and inspect payloads). 2) Run the tool in a sandboxed VM or isolated test account first; do not run with your primary enterprise account until satisfied. 3) If you only need benign automation, consider removing or disabling anti_detection and HID enumeration code, and disable network/AI integration to keep all operations local. 4) Only provide CHAT_API credentials to trusted services; if unsure, block network egress for the process and test local-only functions. 5) Ask the author for provenance (homepage, source repository, digital signatures) if possible; lack of a homepage and unknown source lowers trust. Confidence is medium because the code matches the advertised automation purpose, but the anti-detection/HID and undocumented network integration create meaningful inconsistencies that could indicate misuse or sloppy disclosure.