weixin-send

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can send WeChat messages using local bot credentials outside OpenClaw’s normal controls and logs.

Install only if you intentionally need an out-of-band WeChat text-sending fallback. Prefer the native OpenClaw message tool when available, protect the local openclaw-weixin account files, verify recipient IDs before sending, and avoid unsolicited or automated messages without clear authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README promotes proactive WeChat messaging and explains that the tool reads local bot tokens and context_token values, but it does not clearly warn users about consent, recipient expectations, or the privacy implications of reusing stored conversation context for outbound contact. In this skill context, the capability is inherently sensitive because it enables unsolicited user messaging outside the normal channel framework, increasing the risk of spam, privacy misuse, or accidental contact to the wrong recipient.

Missing User Warnings

Medium
Confidence: 85%
Finding
The skill documents proactive outbound messaging through a direct external API and states that it bypasses the OpenClaw channel framework and session logging, but it does not foreground the resulting privacy and auditability risks before use. In practice, this can enable unlogged exfiltration of message content and recipient metadata using locally stored tokens.

VirusTotal

59/59 vendors flagged this skill as clean.
