Skill v1.0.0

ClawScan security

Wechat Automation · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious
Mar 14, 2026, 6:47 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill claims to automate the WeChat desktop app on macOS but provides no scripts, no runtime instructions, and omits necessary OS-level permissions and delivery details — the pieces don't add up.
Guidance
This skill is incomplete and ambiguous. Before installing or using it, ask the publisher for the actual implementation: where is the script, what exact mechanism controls WeChat (AppleScript, third-party binary, Accessibility API), and what destinations are used when forwarding messages. Do not grant macOS Accessibility permissions or install any helper tools until you have reviewed the actual code and data-handling practices. Be especially cautious because forwarding features can leak private messages to external services; require a clear privacy/data-flow description and code you can audit. The presence of a price claim (¥99) without a purchase flow is another red flag — confirm purchase/process and inspect delivered artifacts before trusting the skill.

Review Dimensions

Purpose & Capability
concern
The name/description promise macOS desktop automation (auto-reply, summaries, forwarding) but the package is instruction-only and contains no scripts, binaries, or declared helpers. A real implementation would normally require either AppleScript/osascript, a helper binary, or explicit instructions to request macOS Accessibility permissions; none of that is declared. The SKILL.md also promises a "complete script + configuration guide" for a price, but no code or purchase flow is present — this is an inconsistency.
Instruction Scope
concern
SKILL.md is vague and contains no concrete runtime commands for the agent to follow. It states "connect to WeChat (through macOS window control)" and lists features (auto-reply, forwarding) but gives no method, no endpoints for forwarding, and no guidance on data handling. The mention of forwarding to other platforms implies possible transmission of private messages to external services, but no destinations or safeguards are specified.
Install Mechanism
ok
There is no install spec (instruction-only), which is lowest-risk from a code-install perspective. Nothing will be written to disk by the skill itself because there is no install step declared.
Credentials
note
The skill declares no environment variables or credentials, which is appropriate on the surface. However, desktop automation on macOS typically requires Accessibility permissions and may need user credentials or helper tools — these OS-level permissions and any required helper tools are not mentioned. The omission makes it unclear what the agent or user will be asked to grant or install later.
Persistence & Privilege
ok
The skill is not forced-always, does not request special platform persistence, and there is no indication it will modify other skills or global agent settings.