Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
OpenClaw
Suspicious
medium confidence
Purpose & Capability
The declared purpose (create AI partner persona, optionally from chat logs) matches the included tools: chat_parser.py, wechat_decryptor.py and skill_writer.py are coherent with 'chat import → persona generation → write skill' flow. However, the presence of a WeChat decryptor that extracts keys from running processes (README and requirements mention pymem/psutil) is powerful and sensitive even though it is relevant to the stated feature.
Instruction Scope
SKILL.md explicitly instructs executing local Python scripts to extract/decrypt WeChat databases, parse iMessage/SQLite DBs, and write full chat archives into .claude/skills/{slug}/knowledge/chats. Those instructions ask the agent to read local private data (message databases, process memory) and to store it on disk. There are no instructions to upload data to external servers, but local collection and decryption of sensitive user data is high-risk and should be deliberate and consented to.
Install Mechanism
No runtime install spec is present (instruction-only), so nothing is auto-downloaded by the platform. However, README and SKILL.md list additional Python dependencies (pycryptodome, psutil, pymem, pypinyin) required for WeChat decryption, while requirements.txt only includes pypinyin — a mismatch. Because execution relies on local Python scripts, installing their dependencies manually is required and should be reviewed before running.
Credentials
The skill declares no required env vars or credentials, which is consistent on paper. In practice the tools require access to local WeChat/iMessage DB files and to running process memory (per README: extracting keys from WeChat process using psutil/pymem). Access to process memory and user databases is highly privileged relative to the simple UI of 'create a persona' and has strong privacy implications. No external credentials are requested, and no network endpoints are visible in the provided materials, but you should verify the tools don't exfiltrate data.
Persistence & Privilege
The skill writes persistent files to .claude/skills/{slug}/ (persona.md, relationship.md, SKILL.md, meta.json) and creates symlinks into global skill directories (~/.claude/skills, ~/.openclaw/workspace/skills). This is coherent with making created personas available, but it means decrypted chat exports and relationship memory will be stored on disk. The skill is not 'always: true' and does not automatically modify other skills' configurations, though it does create/cleanup global symlinks.
What to consider before installing
This skill does what it says, but it performs sensitive local operations (decrypting WeChat databases, extracting keys from process memory, parsing and storing chat histories). Before installing or running:
1) Inspect tools/wechat_decryptor.py and tools/chat_parser.py for any network activity (requests, sockets, upload logic) or unexpected file targets.
2) Don't run the decryptor unless you understand and consent to it reading process memory and local WeChat files; run it in a sandbox or VM if possible.
3) Be aware decrypted chats are stored under .claude/skills/{slug}/knowledge/chats — treat that data like sensitive personal data and back it up/secure or delete when done.
4) Note the repo's requirements mismatch (requirements.txt only lists pypinyin while README mentions pycryptodome, psutil, pymem) — install dependencies deliberately and review them.
5) If you don’t need chat-import, prefer using the 'smart matching' or manual description paths to avoid giving the skill access to private chat data.
If you want higher assurance, request the full source of tools/wechat_decryptor.py for review or run the project in an isolated environment.
Like a lobster shell, security has layers — review code before you run it.
