WeChat Send

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: wechat-message-sender
Version: 1.0.0

The skill automates the WeChat macOS desktop application using AppleScript and JXA (JavaScript for Automation), which requires broad Accessibility permissions. While the functionality aligns with the stated purpose, the scripts (wechat_send.sh and wechat_send_image.sh) are vulnerable to AppleScript injection because user-provided inputs like contact names and messages are directly concatenated into AppleScript strings without sanitization. This could allow for arbitrary command execution on the host system if the agent is prompted with specially crafted input.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If untrusted text is passed as a contact name or message, it could potentially run unintended local AppleScript or shell actions as the user, not just send a WeChat message.

Why it was flagged

The contact and message values are user-controlled and are embedded directly into AppleScript source without AppleScript-safe escaping. Crafted quotes or AppleScript syntax could change what osascript executes.

Skill content

CONTACT="$1"
MESSAGE="$2"
...
osascript -e "... set the clipboard to \"$CONTACT\" ..."
...
osascript -e "
set the clipboard to \"$MESSAGE\"

Recommendation

Pass values to osascript safely, such as through argv/stdin/environment variables with proper AppleScript quoting, and reject or encode dangerous characters before execution.

What this means

A message or file could be sent to the wrong WeChat contact if search results are ambiguous or the UI focus is wrong.

Why it was flagged

The workflow automatically selects the first WeChat search result and sends immediately. This is disclosed and purpose-aligned, but it has a real impact on the account if the recipient match is ambiguous.

Skill content

Types the contact name, selects the first result (Enter)... Pastes the message from clipboard (Cmd+V) and sends (Enter)... If the contact search returns wrong results, the message goes to the wrong person

Recommendation

Use exact contact names, avoid batch sends unless reviewed carefully, and consider adding a confirmation step before pressing Enter to send.

What this means

While running, the automation can act through the user's WeChat account, and the Accessibility grant to node is broader than WeChat alone.

Why it was flagged

The skill relies on the user's existing WeChat login and a broad macOS Accessibility permission to control the desktop UI.

Skill content

WeChat for Mac installed and logged in... macOS Accessibility permission granted to `node`

Recommendation

Grant Accessibility permission only if you trust the skill and runtime, monitor sends, and revoke the permission when no longer needed.