WeChat Send

Security checks across malware telemetry and agentic risk

Overview

This skill clearly does what it claims, but it needs review because it can immediately send WeChat messages or local files from the user's logged-in account without a final confirmation step.

Install only if you are comfortable letting an agent control your logged-in WeChat desktop app to send messages and files. Use exact contact names, keep the WeChat window visible, avoid passing untrusted message text or unusual file paths, and prefer adding or requiring a manual confirmation step before the final Enter keypress.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly automates WeChat GUI actions to send messages and files, but the documentation does not clearly warn that it uses clipboard contents and macOS UI control to transmit data to external recipients. This creates a real user-safety issue because users may not fully understand that local clipboard data is manipulated and content is sent out-of-band through a consumer messaging app, increasing risk of accidental disclosure or misdelivery.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script performs an irreversible UI action by pressing Enter to send the message immediately after populating the WeChat compose box, with no confirmation, dry-run mode, or final validation of the selected recipient and message text. In a GUI-automation context, timing issues, stale search results, or focus mistakes can cause a message to be sent to the wrong chat, making this more dangerous than a normal scripted API call because the script cannot reliably verify application state before sending.

Missing User Warnings

Medium
Confidence: 94%
Finding
The script unconditionally pastes and sends the selected file to the resolved WeChat chat by pressing Enter, with no user confirmation, preview validation, or recipient verification immediately before transmission. In a GUI-automation context, mis-targeting the wrong contact or sending the wrong file is realistic and can cause unintended disclosure of sensitive local files, especially because the skill is explicitly designed to act on the user's behalf in a live messaging app.

VirusTotal

60/60 vendors flagged this skill as clean.
