ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Wechat Automation Api

v1.0.11

微信发信能力:控制本机发送微信文本或图片。触发词:给[某人]发微信、通知[某人]、把这个用微信发给[某人]、用微信发个图片

0· 87·1 current·1 all-time
by@niansen3-svg
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Suspicious
high confidence
!
Purpose & Capability
The skill's declared purpose (a synchronous, one-shot CLI to control a local WeChat client) matches files like scripts/skill_cli.py and wechat_controller.py. However the repo also contains a full Flask HTTP API (scripts/app.py), a background monitor (scripts/monitor.py) that posts to an external WPush API, queue management, and run.bat/startup docs. Those extra capabilities (HTTP service, persistent monitor, token-based API) are not required by the SKILL.md and represent scope creep — they increase the attack surface and the potential for unexpected network activity.
Instruction Scope
SKILL.md instructs the agent to call `python scripts/skill_cli.py --to ... --content ...` and to interpret stdout ('发送成功'/'发送失败'). That runtime instruction is narrowly scoped and is consistent with a synchronous skill. The risk comes from other files in the package (app.py, monitor.py, message_queue.py) which SKILL.md does not instruct the agent to run but could be run by a user or operator. The SKILL.md explicitly tells the agent not to attempt visual UI analysis and to just execute the CLI, which is good practice.
Install Mechanism
There is no install spec (instruction-only from platform perspective), which lowers supply-chain risk. The repository includes a requirements.txt with many packages (Flask, uiautomation, pyautogui, pywin32, requests, Pillow, etc.). Installing these dependencies (e.g., `pip install -r requirements.txt`) will pull in networked packages and native bindings; installing should be done in an isolated virtualenv. No downloads from unknown personal servers are present in the manifest; the code downloads images and posts to external APIs at runtime (see details).
!
Credentials
The skill declares no required env vars and SKILL.md usage of skill_cli does not require credentials. However the repository supports running a local HTTP API that requires a token stored in config.json (docs and README mention a token and an example token is present in README_部署完成.md). The monitor posts to https://api.wpush.cn using an apikey from config.json. Those config/credential vectors are not declared in the SKILL.md and are unrelated to the one-shot CLI usage, so they increase risk if the HTTP service or monitor are started unintentionally.
Persistence & Privilege
The skill's published flags do not request 'always: true'. The SKILL.md states the Skill is synchronous and non-resident. Nevertheless the repository provides code to run a persistent HTTP service and a monitor process which, if started (via app.py/run.bat), will remain running and perform network operations (including spawning monitor.py via subprocess.Popen). That persistent behavior is optional in the repo but is not part of the SKILL.md contract — be careful not to start the background service unless you intend to run it.
What to consider before installing
What to consider before installing or running this skill: - If you only want the Skill behavior described in SKILL.md, only invoke the CLI entrypoint: `python scripts/skill_cli.py --to "联系人" --content "文本"`. That call uses WeChatController and operates locally (UI automation + clipboard). Avoid running scripts/app.py, run.bat, or monitor.py unless you explicitly want the HTTP API and background monitoring. - The repository contains an HTTP server (scripts/app.py) which expects a config.json token and can spawn a persistent monitor process that will send POSTs to an external WPush service (https://api.wpush.cn). Do not run the HTTP service unless you understand and control the config.json token and the network exposure. - Image sending (sendpic) will download arbitrary URLs and cache them in the system temp directory. If you accept sendpic actions, be aware the process will make outbound HTTP requests and write files to the temp cache. - The package requires native Windows automation libraries (uiautomation, pywin32, pyautogui). Install dependencies in a virtual environment, not system-wide, and preferably in an isolated/test machine before trusting it on a production machine or your primary account. - There are example tokens and a sample token in README_部署完成.md — treat those as examples. If you run the HTTP service, change the token in config.json to a strong secret and keep config.json secure. - If you are risk-averse: run the CLI in a disposable VM or sandboxed Windows environment, or remove/rename scripts/app.py and scripts/monitor.py before installation to prevent accidental background service startup. - Operational risks: automating WeChat UI can cause account actions (rate-limiting or detection by the platform). Ensure you have permission to automate the account and consider throttling and human oversight. Summary recommendation: The CLI skill itself is coherent and usable for the stated purpose, but the repository contains additional persistent/networked components (HTTP API + monitor) that are not required by SKILL.md — treat those as optional features and do not enable them unless you explicitly intend to run a local service and accept outbound network behavior.

Like a lobster shell, security has layers — review code before you run it.

latestvk97en760vmpn8650gv7twk80rx84kx3k

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments