Back to skill
Skillv1.1.3
VirusTotal security
微信QQ自动发消息 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:32 AM
- Hash
- c5cecc8d8feedee009932401753238b6cc0a0674f85d62769542455ddba7c826
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wechat-qq-sender Version: 1.1.3 The skill bundle provides Windows GUI automation for WeChat and QQ using pyautogui, pygetwindow, and EasyOCR. It contains high-risk capabilities including screen capturing (ImageGrab), clipboard manipulation (pyperclip), and simulated keyboard/mouse control, which are used to scrape chat history and send messages. While the logic in chat_assistant_v2.py and qq_capture_and_reply.py appears aligned with the stated purpose and includes local-only storage and user confirmation prompts, the broad access to sensitive communication interfaces and desktop control constitutes a significant security risk.
- External report
- View on VirusTotal