ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

微信智能聊天(MBTI版)

v1.0.9

微信聊天窗口自动监控、翻译和智能回复工具,集成 Qwen 大语言模型和百度翻译 API。

0· 57·0 current·0 all-time
by@chaoyi001
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description, declared env vars (QWEN_* and BAIDU_*), required Python packages, and the included Python code all match the stated goal of monitoring WeChat, calling a Qwen LLM and Baidu Translate, and automating clipboard/send actions.
Instruction Scope
SKILL.md and the code instruct the agent to read the Windows screen, detect windows titled with '微信', double-click/select/copy chat text from the clipboard, send that text to remote APIs (Qwen and Baidu), and automatically paste/send replies. That behavior is expected for the feature but has privacy implications because chat contents are transmitted to external services and replies can be sent without explicit per-message confirmation.
Install Mechanism
This is an instruction-only skill with a local Python script and a requirements list. There is no remote download or opaque install step in the manifest; dependencies are standard Python packages. No high-risk install URLs or archive extraction are present.
Credentials
Requested environment variables are limited to the LLM endpoint/key/path and Baidu APPID/APPKEY (plus optional endpoint/path). Those credentials are necessary for the declared network calls. No unrelated secrets or system-level credentials are requested.
Persistence & Privilege
The skill is not forced-always (always:false) and uses normal autonomous invocation. It does require clipboard and screen-control permissions to operate, but it does not request modification of other skills or system-wide configs.
Assessment
This skill will actively monitor your WeChat window, copy message text to the clipboard, and transmit message contents to the configured Qwen and Baidu endpoints — then it can automatically paste and send replies. Before installing: (1) Confirm you trust the Qwen endpoint and Baidu credentials you provide (these services will receive the chat text). (2) Test in a safe account or environment to avoid accidental messages being sent. (3) Review the included wechatai.py to ensure the coordinate clicks and automation match your setup. (4) If you are concerned about privacy, do not provide keys tied to sensitive data or consider running with a network policy or proxy to inspect outgoing requests. (5) Prefer installing only from a verified source; rotate API keys if you reuse them elsewhere.

Like a lobster shell, security has layers — review code before you run it.

latestvk97afx1mzy50bykj7fzyr3bxe584asy4

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🤖 Clawdis
OSWindows
EnvQWEN_BASE_URL, QWEN_API_KEY, QWEN_URL_PATH, BAIDU_APPID, BAIDU_APPKEY
Primary envQWEN_API_KEY

Comments