ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

WeChat Send

v1.0.0

Automate sending text messages in the macOS WeChat desktop app by controlling the UI via AppleScript and JXA. This is NOT a WeChat chat channel for OpenClaw...

0· 986·5 current·5 all-time
by@clk1st

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for clk1st/wechat-send.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "WeChat Send" (clk1st/wechat-send) from ClawHub.
Skill page: https://clawhub.ai/clk1st/wechat-send
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install clk1st/wechat-send

ClawHub CLI

Package manager switcher

npx clawhub@latest install wechat-send
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
medium confidence
Purpose & Capability
The script and SKILL.md align with the stated purpose of sending text via the WeChat macOS GUI using AppleScript/JXA. One inconsistency: the README/requirements repeatedly ask for macOS Accessibility permission granted to 'node', but the script runs osascript/osascript -l JavaScript (JXA) and bash — it does not invoke node. Requiring 'node' is likely an editing error and should be corrected to the actual runtime (Terminal, iTerm, the gateway process, or the node process only if you run it under node).
Instruction Scope
Instructions are scoped to activating WeChat, searching a contact, clicking the input field, setting the clipboard, and sending the message. Important side-effect: the script overwrites the system clipboard with the message (it does not restore the previous clipboard), which is a privacy/UX issue and should be documented or mitigated. The script only accesses args and UI; it does not read other files or network resources.
Install Mechanism
No install actions or remote downloads are performed (instruction-only plus a bundled shell script). Nothing is written to disk beyond the existing script file, so install risk is low.
Credentials
The skill requests no credentials or environment variables. The Accessibility permission it requires is proportional to the task (simulating keystrokes/mouse events).
Persistence & Privilege
The skill is not marked always:true and does not request persistent system-wide configuration. It requires Accessibility permission to simulate UI events, which is necessary for its function but should be granted only to the specific host process that will run the script.
Assessment
This skill is coherent with its stated purpose of GUI-automating WeChat on macOS, but check these before installing: (1) Correct the Accessibility guidance — grant permission to the app/process that will run the script (Terminal, your agent gateway, or node only if you actually run it via node), not 'node' by default. (2) The script overwrites your clipboard with the message and does not restore it; modify the script to save/restore the previous clipboard if that matters to you. (3) GUI automation can send input to the wrong contact if search results are ambiguous — test with a non-sensitive dummy contact first. (4) Only grant Accessibility to trusted processes and consider running the script in a controlled environment. If you want higher assurance, ask the author to (a) fix the node/accessibility documentation mismatch, (b) add logic to save and restore the clipboard, and (c) optionally confirm which host/process is expected to run the commands.

Like a lobster shell, security has layers — review code before you run it.

Runtime requirements

OSmacOS
automationvk97dw2y73t2mn0k280v6vb9yp582aq8rlatestvk97dw2y73t2mn0k280v6vb9yp582aq8rmacosvk97dw2y73t2mn0k280v6vb9yp582aq8rmessagingvk97dw2y73t2mn0k280v6vb9yp582aq8rwechatvk97dw2y73t2mn0k280v6vb9yp582aq8r
986downloads
0stars
1versions
Updated 2h ago
v1.0.0
MIT-0
macOS
@clk1st
automationlatestmacosmessagingwechat
Download

WeChat Send

Send messages to WeChat contacts by automating the macOS WeChat desktop app.

Prerequisites

  • WeChat for Mac installed and logged in
  • macOS Accessibility permission granted to node (System Settings → Privacy & Security → Accessibility)
  • WeChat window must be open (not minimized to dock)

Usage

Run the script:

bash scripts/wechat_send.sh "<contact_name>" "<message>"

Examples

# Send a simple message
bash scripts/wechat_send.sh "Ryan" "你好!"

# Send a longer message
bash scripts/wechat_send.sh "Ellison" "明天下午3点开会,别忘了带文件"

How It Works

  1. Activates WeChat and opens search (Cmd+F)
  2. Types the contact name, selects the first result (Enter), closes search (Escape)
  3. Clicks the message input field using JXA CGEvent mouse simulation
  4. Pastes the message from clipboard (Cmd+V) and sends (Enter)

Limitations

  • Contact name must exactly match a WeChat contact (first search result is selected)
  • Cannot send images or files (text only)
  • Cannot read incoming messages
  • WeChat window position affects click coordinates (auto-calculated from window bounds)
  • If the contact search returns wrong results, the message goes to the wrong person — use specific names
  • Only one message at a time; for multiple recipients, call the script multiple times

Troubleshooting

  • Message not sent: Ensure WeChat window is visible (not minimized) and the correct contact was found
  • Accessibility error: Re-grant node permission in System Settings → Accessibility, then restart the gateway
  • Wrong contact: Use a more specific name to avoid ambiguous search results

Comments

Loading comments...