ClawHub

Wechat Control

v0.1.3

Control local Windows WeChat client via Python to login, send messages, list recent chats, and get total unread count using itchat library.

0· 324·0 current·0 all-time
by@ltf13133-wq
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description claim to control a local Windows WeChat client via itchat matches the provided files: main.py implements login, send, list, and unread using the itchat API. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md and main.py are scoped to local operations: prompting QR login, sending messages, listing chats, and reading unread counts. The instructions and code do create and reuse an itchat cache file (loginInfo.pkl) on disk and make network calls to WeChat as part of normal login/operation — the README warns about not syncing that cache. This is expected behavior but worth noting because local cached auth data is written to disk.
Install Mechanism
There is no install spec beyond requirements.txt; dependencies are standard PyPI packages (itchat, pywin32). Using PyPI is normal here but carries typical supply‑chain risk (verify package provenance/versions). No downloads from arbitrary URLs or extraction from unknown servers are present.
Credentials
The skill requests no environment variables or external credentials. Code does not read other env vars or config paths. The only local artifact is the itchat cache file; no unrelated secrets are requested or accessed.
Persistence & Privilege
The skill is not set to always:true and does not modify other skills or system-wide configuration. It will persist login state locally via itchat (loginInfo.pkl), which allows reuse of the session across runs. Autonomous invocation (disable-model-invocation=false) is platform default and not in itself a problem here.
Assessment
This skill appears coherent and does what it says: control a local Windows WeChat client via the third‑party itchat library. Before installing, consider: (1) run in a dedicated virtualenv or isolated machine to limit impact; (2) verify the itchat and pywin32 package sources and versions (supply‑chain risk of PyPI packages); (3) be aware itchat will write a login cache file (loginInfo.pkl) containing session info — do not sync or share that file; (4) automated sending can be abused, so limit who/what can trigger the skill; (5) if you need stronger assurance, open and review the itchat package code or use official SDKs/APIs if available.

Like a lobster shell, security has layers — review code before you run it.

latestvk97fkawf7d74ppfaxdpejakdcn833vt5

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments