Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Send messages to WeChat contacts or groups
v1.0.2 · Windows desktop WeChat automatic message-sending skill: sends messages to specified contacts by simulating keystrokes. Shortcut command: wt
by 返璞归真 (@zhangpuego123)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, medium confidence
Purpose & Capability
Functionality in send_batch.py and server.py matches the description: keyboard simulation (pyautogui/pyperclip) to open WeChat, search contacts, paste and send messages. However, requirements.txt includes OCR/Computer Vision packages (pytesseract, opencv-python) that are not used by the provided code, which is disproportionate to the stated simple keyboard-simulation purpose. Also package/owner metadata in _meta.json and .clawhub/origin.json do not match the registry metadata (different ownerId and slug), which is inconsistent with the claimed source.
Instruction Scope
SKILL.md and scripts instruct the agent/user to run local Python scripts that will activate the WeChat window and simulate keystrokes — this is appropriate for the stated task. The code reads/writes a local queue file (send_queue.json) and may read test_config.json if present. There are no instructions to read unrelated user files or environment variables. Important: server.py implements a JSON-RPC stdin/stdout tool interface so an agent/process can call wechat_send_message and wechat_get_status programmatically; that enables silent/autonomous sending of messages if invoked by an agent or another process.
Install Mechanism
No install spec in registry (instruction-only), so nothing is automatically downloaded. A requirements.txt is included that pulls several third-party Python packages. The presence of unused heavy deps (pytesseract, opencv-python) increases attack surface and is not justified by SKILL.md or code; this is a maintenance/security concern but not direct evidence of maliciousness.
Credentials
The skill requests no environment variables, credentials, or external endpoints. That is proportionate to its purpose of local GUI automation. No secrets appear to be requested or used.
Persistence & Privilege
The skill exposes a long-running MCP-style tool loop (reads JSON requests on stdin and performs actions). With model invocation enabled (default), an agent could call the tool to send messages without explicit user prompts. Autonomous invocation alone isn’t always a problem, but combined with metadata inconsistencies and unexplained dependencies it raises the risk that the skill could be used to send messages unexpectedly. always:false mitigates some risk, but you should treat enabling autonomous calls carefully.
What to consider before installing
This skill appears to do what it says (simulate keyboard to send WeChat messages), but I recommend caution:
1) Verify the package origin — _meta.json and .clawhub/origin.json metadata differ from the registry metadata (ownerId/slug mismatch).
2) Inspect and remove any unnecessary dependencies (pytesseract, opencv) before installing — they increase attack surface.
3) Be aware server.py runs a JSON-RPC stdin/stdout loop that allows programmatic calls to send messages; do not allow autonomous model invocation or untrusted processes to call it if you don't want unattended sending.
4) Review any local test_config.json before running (it can change recipients).
5) Run first in a safe/test environment and observe behavior; avoid running while you are actively using the machine (the tool injects keystrokes).
If you need help verifying the metadata or trimming dependencies, obtain the original upstream source or ask the publisher for clarification before installing.
