WeChat Moments Post
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: wechat-moments-post Version: 1.0.0 The skill bundle automates WeChat Moments posting using UI automation techniques that involve high-risk primitives, such as launching an executable from an environment variable (`WECHAT_EXE`) via `subprocess.Popen` in `relaunch_wechat_open_moments.py` and capturing screen content with `PIL.ImageGrab` for OCR processing in `click_publish_ocr.py` and `publish_with_caption_verify.py`. While these capabilities are aligned with the stated purpose of automating a desktop application, the lack of input validation on the executable path and the broad use of screen capture are inherently risky behaviors. No evidence of intentional malice, such as data exfiltration or unauthorized remote control, was observed.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the skill is invoked with the wrong image, caption, or WeChat account active, it can publish a Moments post visible to the user's social audience.
The script pastes the caption and then clicks the OCR-detected Publish button directly, with no explicit final confirmation or preview gate before posting.
pyautogui.hotkey("ctrl", "v") ... if "发表" in txt: ... pyautogui.click(x, y)Add an explicit final confirmation step that shows the target account, image path, and caption before clicking Publish; consider a dry-run mode and require user approval for the final click.
Any successful post is made as the currently logged-in WeChat user; there is no separate least-privilege token or account scoping shown.
The skill relies on the already logged-in WeChat desktop session and therefore acts with that account's full posting authority.
依赖已登录微信;若被踢下线需人工扫码登录。
Use only with the intended WeChat account logged in, verify the caption and image before running, and log out or close WeChat when not using the automation.
Private WeChat content or other on-screen data may remain in the temporary screenshot directory after the automation finishes.
The script stores screenshots for OCR/debugging, including a full-screen screenshot after the publish attempt; these local files may contain the caption, WeChat content, or other visible desktop information.
ImageGrab.grab(bbox=(w.left, w.top, w.left + w.width, w.top + w.height)).save(str(crop_path)) ... ImageGrab.grab().save(str(TMP_DIR / "after_publish_attempt.png"))
Set WECHAT_MOMENTS_TMP to a known private folder, delete screenshots after use, and avoid running while unrelated sensitive windows are visible.
A user may need to install dependencies separately and must trust whatever package versions are obtained outside this artifact set.
The supplied package contains Python automation scripts but no pinned dependency or installation specification, while the code imports external GUI/OCR packages.
No install spec — this is an instruction-only skill.
Provide a pinned dependency file or install spec, declare required environment variables and Windows-only operation in metadata, and install dependencies only from trusted sources.