Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
wechat-auto-reply
v1.0.1半自动回复微信联系人消息(置信度>85%自动发送,否则确认),或主动发送指定内容。使用方式:wechat-auto-reply "联系人名称" 或 wechat-auto-reply "联系人名称" "消息内容
⭐ 9· 3.3k·25 current·27 all-time
by@bjdzliu
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The name/description (WeChat auto-reply) match the runtime instructions: AppleScript/UI automation to activate WeChat, search contacts, take screenshots/OCR chat content, generate replies and send them. Dependencies mentioned (cliclick, macOS Vision, pyobjc) are consistent with GUI automation and OCR on macOS.
Instruction Scope
The SKILL.md instructs the agent to read chat content via screenshots + OCR, modify the clipboard, and send messages automatically based on a confidence threshold. Those actions are expected for an auto-reply tool but are highly sensitive: they read user messages, can exfiltrate or retransmit content, and can send messages without explicit user action when confidence is high. The instructions also encourage editing local scripts and changing coordinates, which requires the user to run/inspect files that will interact with the GUI.
Install Mechanism
The skill is instruction-only (no install spec), but the README recommends installing via 'brew tap bjdzliu/openclaw' and 'brew install wechat-auto-reply'. That references an unknown Homebrew tap/author (bjdzliu). Installing from a third-party tap can pull arbitrary code/binaries. The absence of embedded install metadata means the platform can't validate what would be installed; this is a moderate installation risk.
Credentials
The skill does not request any environment variables, credentials, or config paths beyond its own suggested local files. There are no unrelated secrets requested. However, its normal operation involves reading user chat content (via screenshots/OCR) and the clipboard, which are sensitive but proportionate to the stated purpose.
Persistence & Privilege
always:false (not forced) and model invocation defaults are normal. The skill requires GUI automation privileges (Accessibility permissions on macOS) to operate; granting those is a high-privilege action because it allows the tool to control WeChat and the UI. Autonomous invocation combined with GUI control could send messages without immediate user consent if the auto-send threshold is high.
What to consider before installing
This skill appears to do what it claims, but exercise caution before installing: 1) The README asks you to add a third-party Homebrew tap (bjdzliu) — only install from taps you trust; review the tap/package contents first. 2) The tool requires macOS Accessibility/UI-automation permissions and will read screenshots/OCR and the clipboard — review the actual scripts that will be installed to ensure they don't exfiltrate or log chat contents. 3) Test with a dummy account or a safe contact and set the auto-send confidence threshold high (or disable automatic sending) until you verify behavior. 4) If you cannot inspect the package source or the Homebrew tap, avoid installing. 5) If you proceed, run 'which wechat-auto-reply' and inspect files under the indicated install path before granting permissions.Like a lobster shell, security has layers — review code before you run it.
latestvk971mvscjbsm0a6svg5y885ga981sf71
License
MIT-0
Free to use, modify, and redistribute. No attribution required.