WeChat Send
Suspicious
Audited by ClawScan on May 10, 2026.
Overview
The skill mostly does what it says, but it uses powerful Mac UI automation to send WeChat messages/files and unsafely builds AppleScript from user-provided text.
Review this skill carefully before installing. It can send messages and files from your logged-in WeChat account, may send to the wrong contact if names are ambiguous, and currently handles contact/message/path input unsafely in AppleScript. Use only with trusted instructions, verify recipients, and grant macOS Accessibility permission only when needed.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If untrusted text is passed as a contact name or message, it could run unintended local AppleScript or shell actions as the user, not just send a WeChat message.
The contact and message values are user-controlled and are embedded directly into AppleScript source without AppleScript-safe escaping. Crafted quotes or AppleScript syntax could change what osascript executes.
CONTACT="$1" MESSAGE="$2" ... osascript -e "... set the clipboard to \"$CONTACT\" ..." ... osascript -e " set the clipboard to \"$MESSAGE\"
Pass values to osascript safely, such as through argv/stdin/environment variables with proper AppleScript quoting, and reject or encode dangerous characters before execution.
A message or file could be sent to the wrong WeChat contact if search results are ambiguous or the UI focus is wrong.
The workflow automatically selects the first WeChat search result and sends immediately. This is disclosed and purpose-aligned, but it has real impact on the account if the recipient match is ambiguous.
Types the contact name, selects the first result (Enter)... Pastes the message from clipboard (Cmd+V) and sends (Enter)... If the contact search returns wrong results, the message goes to the wrong person
Use exact contact names, avoid batch sends unless reviewed carefully, and consider adding a confirmation step before pressing Enter to send.
While running, the automation can act through the user's WeChat account and the Accessibility grant to node is broader than WeChat alone.
The skill relies on the user's existing WeChat login and a broad macOS Accessibility permission to control the desktop UI.
WeChat for Mac installed and logged in... macOS Accessibility permission granted to `node`
Grant Accessibility permission only if you trust the skill and runtime, monitor sends, and revoke the permission when no longer needed.
