WeChat Send
Automate sending text messages and images/files in the macOS WeChat desktop app by controlling the UI via AppleScript and JXA. This is NOT a WeChat chat chan...
MIT-0 · Free to use, modify, and redistribute. No attribution required.
⭐ 0 · 23 · 0 current installs · 0 all-time installs
byHoncy Ye@yeholdon
MIT-0
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The scripts clearly implement GUI automation to send text and files to WeChat, which matches the skill description. Minor inconsistency: SKILL.md and README ask you to grant macOS Accessibility permission to 'node', but the shipped scripts are bash + osascript/JXA. Granting permission to 'node' may be required by the gateway/runtime, but the package itself does not declare or require Node explicitly.
Instruction Scope
Runtime instructions and the scripts operate only on the WeChat UI: activating WeChat, searching contacts, clicking the input field, setting the clipboard, and sending Enter. They do not call external network endpoints, nor read arbitrary system files (the image script reads only the provided file path). They do use the clipboard (the message and file are placed on clipboard) and compute click coordinates from window bounds; this can misaddress messages if the search returns unexpected results.
Install Mechanism
Instruction-only with embedded scripts and no installation/download steps. No external packages or network pulls are performed during install. Low install-surface risk.
Credentials
No API keys or config files are requested (good). However, the skill explicitly requires granting macOS Accessibility permission to 'node' (or the runtime), which is a high-privilege request: Accessibility access allows controlling other apps and synthesizing input system-wide. This is functionally required for GUI automation but is a broad privilege and should be granted only to a trusted process/user.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills. The main privilege concern is the need for macOS Accessibility (a system-level permission) granted to whatever runtime executes the scripts — this is not persistence in the registry sense but is a powerful system-level capability.
What to consider before installing
What to consider before installing:
- The scripts do what they claim: control the WeChat GUI using AppleScript/JXA and the clipboard. That requires macOS Accessibility (UI automation) permission for the process that runs the scripts — this is powerful: any process granted that permission can synthesize keystrokes and clicks in other apps.
- Verify who will receive the Accessibility permission. If your OpenClaw gateway runs as a Node process, the README's reference to 'node' may be correct; but if you grant Accessibility to a general-purpose Node binary or Terminal, other Node-based tools could misuse that ability. Prefer granting the permission only to a dedicated, trusted runtime binary or a specific Terminal app you control.
- Review the two scripts yourself (they are small and included). They do not send data externally, but they place message text and file references on your clipboard; be aware of clipboard contents.
- Test carefully with a harmless/dummy account or contact first to confirm the contact-selection behavior and window-position-dependent clicks before sending any sensitive messages.
- If you are uncomfortable granting Accessibility broadly, do not install/run this skill. Alternative safer approaches: run the AppleScript commands manually, or adjust the environment so only a narrowly-scoped process has automation permission.
- If you want higher assurance, ask the publisher for an explanation why 'node' specifically needs accessibility, and whether the gateway can be restricted to a dedicated binary or run under a dedicated user account.Like a lobster shell, security has layers — review code before you run it.
Current versionv1.0.0
Download ziplatest
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
OSmacOS
SKILL.md
WeChat Send
Send messages to WeChat contacts by automating the macOS WeChat desktop app.
Prerequisites
- WeChat for Mac installed and logged in
- macOS Accessibility permission granted to
node(System Settings → Privacy & Security → Accessibility) - WeChat window must be open (not minimized to dock)
Usage
Run the scripts:
# Send text
bash scripts/wechat_send.sh "<contact_name>" "<message>"
# Send an image (or any file attachable by WeChat)
bash scripts/wechat_send_image.sh "<contact_name>" "/path/to/image.png"
Examples
# Send a simple message
bash scripts/wechat_send.sh "Ryan" "你好!"
# Send a longer message
bash scripts/wechat_send.sh "Ellison" "明天下午3点开会,别忘了带文件"
# Send a screenshot
bash scripts/wechat_send_image.sh "Family" "/Users/you/Desktop/screen.png"
How It Works
- Activates WeChat and opens search (Cmd+F)
- Types the contact name, selects the first result (Enter), closes search (Escape)
- Clicks the message input field using JXA CGEvent mouse simulation
- Pastes the message from clipboard (Cmd+V) and sends (Enter)
Limitations
- Contact name must exactly match a WeChat contact (first search result is selected)
- Image/file sending depends on WeChat accepting paste-from-clipboard as an attachment (works for common formats like PNG/JPG)
- Cannot read incoming messages
- WeChat window position affects click coordinates (auto-calculated from window bounds)
- If the contact search returns wrong results, the message goes to the wrong person — use specific names
- Only one message at a time; for multiple recipients, call the script multiple times
Troubleshooting
- Message not sent: Ensure WeChat window is visible (not minimized) and the correct contact was found
- Accessibility error: Re-grant node permission in System Settings → Accessibility, then restart the gateway
- Wrong contact: Use a more specific name to avoid ambiguous search results
Files
4 totalSelect a file
Select a file to preview.
Comments
Loading comments…