ClawHub

macOS微信发送器

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do what it says, but it can automatically send real WeChat messages or files from the user's logged-in desktop account with weak safeguards.

Review before installing. Use only with contacts, messages, and file paths you have verified, avoid passing untrusted text into the tool, and do not use it for sensitive files unless you accept the risk of automated WeChat sending, clipboard side effects, and possible wrong-recipient delivery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
def _run_osascript(script: str) -> tuple[int, str]:
    """执行 AppleScript, 返回 (returncode, output)"""
    p = subprocess.run(["osascript", "-e", script],
                       capture_output=True, text=True, timeout=30)
    return p.returncode, p.stdout.strip()
Confidence
96% confidence
Finding
p = subprocess.run(["osascript", "-e", script], capture_output=True, text=True, timeout=30)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill automates the real desktop WeChat client and can send messages or files to actual contacts and groups, yet the description lacks a prominent warning about this real-world action. Without explicit notice and confirmation safeguards, users may unintentionally message the wrong recipient, leak sensitive files, or trigger irreversible communications.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The tool sends files through WeChat automatically without any confirmation step immediately before the irreversible send action. In a desktop automation context, this increases the risk of accidental or coerced exfiltration of sensitive files to the wrong recipient, especially since contact targeting is also automated.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
Automated text sending occurs with no warning or confirmation before pressing Enter, so any misuse, bad input, or UI mismatch can instantly send a message. In a messaging automation skill, this can cause data leakage, social engineering, or unintended actions under the user's account.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal