WeChat File Sender
Send files via Windows WeChat desktop client by automating window control, clipboard, and keyboard input using Node.js and PowerShell scripts.
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 13 · 0 current installs · 0 all-time installs
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
Name/description align with provided files and instructions: the JS + PowerShell use Windows UI Automation, clipboard, and Win32 calls to control the WeChat desktop client. No unrelated credentials, binaries, or packages are requested.
Instruction Scope
The SKILL.md and scripts perform window automation, clipboard manipulation, and will cause the WeChat client to transmit the chosen file to a contact. The skill claims "No network calls, no data exfiltration," which is misleading because sending a file via the user’s WeChat client will transmit that file off the machine. The instructions also require running a bundled PowerShell script with ExecutionPolicy Bypass — appropriate for operation but a notable security vector if the script is modified or misused.
Install Mechanism
Instruction-only skill (no install spec) with included JS and inline PowerShell source. Nothing is downloaded from external URLs during install, so no additional install-related network risk is introduced by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The skill requires local file-system access to whichever absolute path the caller supplies (expected for a file-sender), and it runs PowerShell with -ExecutionPolicy Bypass which is local but worth noting as it allows the included script to run without changing system policy.
Persistence & Privilege
always:false (normal) and the skill does not request system-wide persistence. However, the platform default allows autonomous invocation; combined with the ability to read local files and send them via WeChat, this increases potential for unwanted transmission of sensitive files if the agent is permitted to run the skill without human oversight.
What to consider before installing
What to consider before installing:
- The skill will open WeChat and cause the client to send whatever local file you pass; that is network transmission by WeChat even though the script itself makes no direct network calls. Do not use this on sensitive files unless you intend to send them.
- Inspect the included PowerShell (send-file.ps1) yourself before running. The skill runs it with -ExecutionPolicy Bypass; that is needed for operation but also means the script will run even if system policies normally block .ps1 files. If the script is tampered with, that bypass could enable execution of malicious PowerShell.
- Test with a harmless file and a trusted contact first. The automation uses clipboard and SendKeys and will affect the active desktop (it brings the WeChat window to foreground), so it can disrupt other user activity.
- If you plan to allow autonomous agent use of this skill, be cautious: an agent with access to local files could use this skill to exfiltrate data to any WeChat contact. Consider restricting autonomous invocation or requiring explicit human approval for each run.
- Prefer running in a sandbox/VM if you want to limit blast radius, and ensure the skill package files are obtained from a trusted source or re-audit them periodically.
- Overall: functionality is coherent with the stated purpose, but the "no data exfiltration" claim is misleading and you should verify scripts and control invocation policies before using on sensitive data.scripts/send-file-to-wechat.js:58
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.1
Download zipautomationfilelatestrpawechatwindows
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
SKILL.md
wechat-file-sender
Send files via Windows WeChat client using RPA automation. No external dependencies — pure PowerShell + Windows Automation API.
Security: filePath must be an absolute path. contactName is validated to 50 chars max, Chinese/alphanumeric/underscore/space only. No network calls, no data exfiltration.
Setup
Requirements: Windows OS with WeChat desktop client installed.
clawhub install wechat-file-sender --dir <your-skills-dir>
Usage
Command line
node scripts/send-file-to-wechat.js "<filePath>" "<contactName>"
OpenClaw trigger phrases
向wechat发送文件给[联系人]:文件路径发微信文件给[联系人]:文件路径
PowerShell Script Source (scripts/send-file.ps1)
Full source — audit it before running:
param(
[string]$filePath,
[string]$contactName
)
Add-Type -AssemblyName UIAutomationClient
Add-Type -AssemblyName UIAutomationTypes
Add-Type -AssemblyName System.Windows.Forms
Add-Type -AssemblyName PresentationCore
# Step 0: Check file exists
if (-not (Test-Path $filePath)) {
Write-Host "[ERROR] File not found"
exit 1
}
# Step 1: Find WeChat window (class Qt51514QWindowIcon)
$root = [System.Windows.Automation.AutomationElement]::RootElement
$allWindows = $root.FindAll([System.Windows.Automation.TreeScope]::Children,
(New-Object System.Windows.Automation.PropertyCondition(
[System.Windows.Automation.AutomationElement]::ControlTypeProperty,
[System.Windows.Automation.ControlType]::Window)))
$wechatWindow = $null
foreach ($w in $allWindows) {
if ($w.Current.ClassName -match 'Qt51514QWindowIcon') {
$wechatWindow = $w
break
}
}
if (-not $wechatWindow) {
Write-Host "[ERROR] WeChat not found"
exit 1
}
# Win32 API for window focus
Add-Type @"
using System;
using System.Runtime.InteropServices;
public class WinAPI {
[DllImport("user32.dll")]
public static extern bool SetForegroundWindow(IntPtr hWnd);
[DllImport("user32.dll")]
public static extern bool ShowWindow(IntPtr hWnd, int nCmdShow);
[DllImport("user32.dll")]
public static extern bool IsIconic(IntPtr hWnd);
public const int SW_MINIMIZE = 6;
public const int SW_RESTORE = 9;
}
"@
$hwnd = [IntPtr]$wechatWindow.Current.NativeWindowHandle
if ([WinAPI]::IsIconic($hwnd)) {
[WinAPI]::ShowWindow($hwnd, [WinAPI]::SW_RESTORE)
}
[WinAPI]::SetForegroundWindow($hwnd)
Start-Sleep 1
# Step 2: Open search (Ctrl+F)
[System.Windows.Forms.SendKeys]::SendWait("^f")
Start-Sleep 1
# Step 3: Type contact name (via clipboard — SendKeys can't type Chinese)
[System.Windows.Forms.Clipboard]::Clear()
Start-Sleep 0.3
[System.Windows.Forms.Clipboard]::SetText($contactName)
Start-Sleep 0.5
[System.Windows.Forms.SendKeys]::SendWait("^v")
Start-Sleep 2
# Step 4: Select first result and enter chat
[System.Windows.Forms.SendKeys]::SendWait("{UP}")
Start-Sleep 0.5
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")
Start-Sleep 1
# Step 5: CLIPBOARD ACTIVATION TRICK
# When staying in the same window, clipboard may not activate.
# Minimize -> set clipboard -> restore = clipboard activates
[WinAPI]::ShowWindow($hwnd, [WinAPI]::SW_MINIMIZE)
Start-Sleep 0.5
$fc = New-Object System.Collections.Specialized.StringCollection
$fc.Add((Resolve-Path $filePath))
[System.Windows.Forms.Clipboard]::Clear()
Start-Sleep 0.5
[System.Windows.Forms.Clipboard]::SetFileDropList($fc)
Start-Sleep 1
[WinAPI]::ShowWindow($hwnd, [WinAPI]::SW_RESTORE)
Start-Sleep 0.5
[WinAPI]::SetForegroundWindow($hwnd)
Start-Sleep 0.5
# Step 6: Paste and send
[System.Windows.Forms.SendKeys]::SendWait("^v")
Start-Sleep 1
[System.Windows.Forms.SendKeys]::SendWait("{ENTER}")
Write-Host "[OK] File sent to: $contactName"
Key Implementation Notes
- ExecutionPolicy Bypass is required — PowerShell blocks
.ps1scripts by default. Bypass only affects this specific script file, not system policy. - No admin needed — uses only user-level Win32 APIs (SetForegroundWindow, ShowWindow) and Windows Automation API.
- Clipboard activation trick — solves the Windows clipboard issue when source and target are the same window.
- Contact name via clipboard — SendKeys cannot type Chinese characters; workaround is to copy to clipboard and Ctrl+V.
Files
2 totalSelect a file
Select a file to preview.
Comments
Loading comments…