ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Auto Reply (V26 Safe)

v1.1.0

Monitors a detached WeChat Mac window via OCR and automatically replies using a customizable AI persona with safety locks to prevent interference.

0· 164·0 current·0 all-time
by@jarryxin

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for jarryxin/wechat-auto-reply-ai.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "WeChat Auto Reply (V26 Safe)" (jarryxin/wechat-auto-reply-ai) from ClawHub.
Skill page: https://clawhub.ai/jarryxin/wechat-auto-reply-ai
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install wechat-auto-reply-ai

ClawHub CLI

Package manager switcher

npx clawhub@latest install wechat-auto-reply-ai
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The code and SKILL.md functionality (monitor Mac WeChat UI via screenshots, OCR via 'summarize', generate replies via 'gemini', simulate keystrokes/clipboard and provide a Flask dashboard) are coherent with the skill name/description. However the registry metadata declares no required binaries or credentials while the SKILL.md and code explicitly require several external CLIs ('peekaboo', 'summarize', 'gemini'), macOS Screen Recording/Accessibility permissions, and a Gemini API key. The omission in metadata is an inconsistency and reduces transparency.
!
Instruction Scope
Runtime instructions and code perform broad UI automation: capturing screenshots of the WeChat window, writing state and history under ~/.openclaw/workspace, injecting clipboard contents, simulating paste/Return keystrokes, and running long-lived monitor loops that auto-send messages. The dashboard asks the user to provide a Gemini API key via the UI. The code calls external CLIs (summarize/gemini) which will likely send image/text to remote LLM/vision services — this external network activity is not spelled out in the registry metadata. All of these behaviors go beyond innocuous helpers and should be understood before use.
!
Install Mechanism
There is no install spec (instruction-only in registry), yet the bundle includes Python scripts and a requirements.txt (flask). More importantly, the code depends on non-Python CLIs ('peekaboo', 'summarize', 'gemini', native 'sips', 'screencapture') that are not declared as required binaries. That mismatch is a red flag: runtime will fail or behave unexpectedly if these tools differ in provenance or aren't installed, and the skill gives no guidance on obtaining/verifying them.
!
Credentials
The registry lists no required environment variables or primary credential, but SKILL.md and the dashboard explicitly require a Gemini API key (entered into the web UI). The code likely writes state and parsed JSON (including 'accumulated_history') to files under ~/.openclaw/workspace — the dashboard may persist the API key or pass it to child processes. Secrets handling is not declared or explained, which is disproportionate to the metadata and creates risk of secret persistence/exposure.
Persistence & Privilege
The skill does not set always:true and is user-invocable (normal). It runs long-lived monitoring loops and writes state under the user's home (~/.openclaw/workspace/memory/wechat_skill). It requires macOS Accessibility and Screen Recording permissions to perform keystroke/clipboard automation — these are necessary for the stated purpose but grant high local privileges (ability to send arbitrary UI input and read screen contents).
What to consider before installing
This package's code implements the WeChat auto-reply behavior described, but the registry metadata is incomplete: the SKILL.md and scripts require external CLIs (peekaboo, summarize, gemini), macOS Screen Recording and Accessibility permissions, and a Gemini API key that the dashboard asks you to enter. Before installing or running: - Verify the source and integrity of the external CLIs (peekaboo, summarize, gemini). The scripts will call them and those tools may send images/text to remote services. - Inspect dashboard.py to see how the API key is stored/used; avoid entering long-lived/high-privilege keys unless you confirm they are stored safely (the code likely writes to ~/.openclaw/workspace files). - Be aware the skill simulates keystrokes and manipulates the clipboard, which can send arbitrary text/files from your machine — test first with a throwaway WeChat account and minimal permissions. - If you need this functionality, consider creating an isolated macOS user account or VM for running it, use an ephemeral API key (least privilege), and verify the provenance of any third-party CLI binaries before use. Because required binaries and secret handling are not declared in the registry, treat this as suspicious until you confirm where the external tools come from and how the API key is protected.

Like a lobster shell, security has layers — review code before you run it.

latestvk978fksqbxeydbbhmg1nr92xed83kd8r
164downloads
0stars
5versions
Updated 1mo ago
v1.1.0
MIT-0
@jarryxin
latest
Download

🦇 wechat-auto-reply (究极形态: V5.0 Web Dashboard & Main Window Polling)

Author: OpenClaw / Selia's Assistant (Sebastian) Version: 5.0 Description: A generic, secure, and ban-safe WeChat auto-reply bot using Visual UI Automation and Large Language Models.

🚀 最新进化史 (V1.0 -> V5.0)

经历了一场充满血泪和报错的迭代旅程,这个脚本已经从一个脆弱的“找红点”和“小窗依赖”版本,进化成为了工业级的全自动守护神:

  1. V2.0 (Detached Window): 最初的版本,强依赖微信双击拉出的独立小窗,易受 macOS 焦点切换动画干扰。
  2. V3.0 (JSON Context Engine): 引入了 gemini-3-flash-preview 视觉引擎,把截图转化为结构化的 JSON (context_history, new_messages_to_reply),解锁了表情包翻译和多行上下文理解能力。
  3. V4.0 (Memory Bank & Action Interceptor):
    • 记忆银行: 将每一次短暂的截图记忆拼接进持久化的 last_parsed_*.json 数组中,彻底治愈了 AI 的“金鱼记忆”,保证历史聊天不丢失。
    • 动作拦截器: 引入 [ACTION:SEND_LOCATION|地址] 魔法指令,拦截大模型的纯文本回复,转而调用 send_location.py 发送高度仿真、可直接在微信内唤起导航的高德地图 (Amap) 链接。
  4. V5.0 (Ultimate: Main Window Polling & Web Dashboard):
    • 主窗口查房: 彻底废弃独立小窗!通过模拟 Cmd+F 在微信主界面轮询搜索目标名单,无缝切换聊天面板,零打扰你的电脑多任务(除了轮询的那几秒夺舍)。
    • V2 Web Dashboard: 引入基于 Flask 的超高颜值本地 Web 面板,支持一键启停、在线状态监控、实时截图快照、气泡聊天流预览、甚至能弹窗查看“记忆银行”里的全部历史记录!

🛠 Prerequisites (运行环境)

必须运行在满足以下条件的 macOS 电脑上:

  1. 系统权限: 运行脚本的终端必须拥有“屏幕录制 (Screen Recording)”和“辅助功能 (Accessibility)”权限。
  2. OpenClaw CLI 工具链:
    • peekaboo (macOS UI 定位与焦点控制)
    • summarize (Node.js 视觉分析引擎)
    • gemini (文本生成引擎)
  3. Python 依赖:
    • flask (用于运行 Web Dashboard)

🕹 如何启动 (How to Run)

只需启动 Dashboard 服务,一切都在网页端可视化操作!

1. 启动 Dashboard Web 服务

在终端中执行:

python3 ~/.openclaw/workspace/skills/wechat-auto-reply/dashboard.py

2. 访问控制台

在浏览器中打开: 👉 http://localhost:5000 (或者这台 Mac 的局域网 IP http://0.0.0.0:5000)

3. 在网页端配置并启动

  1. 🎯 监听名单: 输入你想监听的微信联系人备注名(逗号分隔,如 联系人A,联系人B,联系人C)。
  2. 🔑 Gemini API Key: 输入你的 Google Gemini API 密钥(这是必须的,否则视觉模型无法解析截图,会全线飘红报 JSON Decode Error)。
  3. ▶️ 启动监听: 点击绿色的启动按钮。脚本会在后台以默认 60 秒的间隔,疯狂且精准地在微信主界面搜索查房并自动回复。

⚙️ 核心脚本说明 (Under the Hood)

  • dashboard.py: 守护神的中枢神经。提供 Web 界面,管理 API 密钥环境变量,并负责起停子进程。
  • monitor_main.py: V5.0 的核心打工人。执行物理轮询、截图压缩 (sips)、调用模型、解析 JSON、合并记忆银行,并执行键盘注入回复。
  • send_location.py: 特种部队。当 monitor_main.py 截获到位置发送请求时,由它负责将高德地图 URI 转化为极其逼真的坐标文本并进行剪贴板注入。

🛡 安全声明 (Safety First)

本方案100% 不使用任何微信内存注入、网络协议 Hook、或第三方破解版客户端 (Wechaty, itchat 等)。完全基于纯视觉 OCR 与物理物理键鼠模拟,绝对不会导致微信封号

Comments

Loading comments...