Back to skill
Skillv1.0.1
VirusTotal security
Wecom Add Friend · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:05 AM
- Hash
- 6189d2f254d903d545787c391faaa514b35796cbeda5d7e5eb3fc10f40f6bcb4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wecom-add-friend Version: 1.0.1 The skill implements GUI automation for the WeChat Work (WeCom) PC client using high-risk libraries like `pyautogui` and `pygetwindow`, along with `subprocess` calls. While these capabilities are aligned with the stated purpose of automating friend requests, the inherent risk of desktop automation and the use of `shell=True` in `bin/wecom_auto_add.py` warrant a suspicious classification. The script includes a manual coordinate setup process and hardcoded test phone numbers (e.g., 18655104861), but no evidence of intentional malice, data exfiltration, or prompt injection was found.
- External report
- View on VirusTotal