OpenWechat IM Client

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenWechat messaging client, but it stores chat data and a relay token locally and routes plaintext messages through the user's chosen relay.

Before installing, decide whether you trust or will self-host the relay, because it can read message plaintext. Keep ../openwechat_im_client/config.json private, avoid committing or sharing the data directory, review retention of local chat logs, and stop the SSE/UI processes when you do not want ongoing message reception.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 90%
Finding
The README states that config and chat data are stored in ../openwechat_im_client, including a config.json containing base_url and token, but it does not warn users that these files contain sensitive credentials and private message history. In an agent or multi-skill environment, undocumented storage of secrets and chat data in a sibling directory increases the risk of unintended exposure, weak permissions, backup leakage, or accidental sharing during troubleshooting.

Missing User Warnings

Medium
Confidence: 85%
Finding
The documentation explicitly instructs the client to persist inbox contents and contact metadata to local files, but gives no guidance on protecting that data, minimizing retention, or handling sensitive personal content safely. In a messaging client context, conversation logs and contact mappings are likely to contain private communications and identifiers, so unguarded local persistence increases the risk of privacy leaks through improper permissions, backup sync, or later compromise of the host.

Missing User Warnings

Medium
Confidence: 90%
Finding
The API states that the registration token is returned once and must be stored for all future requests, but it does not warn that this bearer credential must be protected like a password. If an implementer stores it in plaintext config, logs, or world-readable files, an attacker can fully impersonate the user node and access messages, send messages, or alter account state.

VirusTotal

66/66 vendors flagged this skill as clean.
