Back to skill
Skillv1.0.0
VirusTotal security
wx · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:37 AM
- Hash
- 2431b85982a59acae93a1d49d697254e269bf1da79d27a50e36d27802503ff2e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wx-send Version: 1.0.0 The skill implements WeChat automation using high-risk methods, including full-screen screenshots (`screencapture` in `wx_ocr_reply.py`) and UI manipulation via AppleScript and `pyautogui`. While these capabilities align with the stated purpose of automated messaging and OCR-based replies, capturing the entire screen poses a significant privacy risk as it may inadvertently collect sensitive data from other visible applications. There is no evidence of data exfiltration or intentional malice, but the reliance on broad system permissions and invasive data collection techniques warrants a suspicious classification.
- External report
- View on VirusTotal