← Back to Skills Marketplace
26048608982lp-ai

WeChat File Sender

by 26048608982lp-ai · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
171
Downloads
0
Stars
0
Active Installs
2
Versions
Install in OpenClaw
/install wechat-file-sender
Description
Send files via Windows WeChat desktop client by automating window control, clipboard, and keyboard input using Node.js and PowerShell scripts.
Usage Guidance
What to consider before installing: - The skill will open WeChat and cause the client to send whatever local file you pass; that is network transmission by WeChat even though the script itself makes no direct network calls. Do not use this on sensitive files unless you intend to send them. - Inspect the included PowerShell (send-file.ps1) yourself before running. The skill runs it with -ExecutionPolicy Bypass; that is needed for operation but also means the script will run even if system policies normally block .ps1 files. If the script is tampered with, that bypass could enable execution of malicious PowerShell. - Test with a harmless file and a trusted contact first. The automation uses clipboard and SendKeys and will affect the active desktop (it brings the WeChat window to foreground), so it can disrupt other user activity. - If you plan to allow autonomous agent use of this skill, be cautious: an agent with access to local files could use this skill to exfiltrate data to any WeChat contact. Consider restricting autonomous invocation or requiring explicit human approval for each run. - Prefer running in a sandbox/VM if you want to limit blast radius, and ensure the skill package files are obtained from a trusted source or re-audit them periodically. - Overall: functionality is coherent with the stated purpose, but the "no data exfiltration" claim is misleading and you should verify scripts and control invocation policies before using on sensitive data.
Capability Analysis
Type: OpenClaw Skill Name: wechat-file-sender Version: 1.0.1 The skill automates the Windows WeChat client using PowerShell and UI automation, which are high-risk capabilities. While the developer included security notes and input validation, a command injection vulnerability exists in `scripts/send-file-to-wechat.js`. The `filePath` validation only ensures the path is absolute and fails to sanitize shell metacharacters (like '&'), and the attempt to escape double quotes using `\"` is ineffective against the Windows CMD shell used by `execSync`. This could allow arbitrary command execution if an attacker controls the file path.
Capability Assessment
Purpose & Capability
Name/description align with provided files and instructions: the JS + PowerShell use Windows UI Automation, clipboard, and Win32 calls to control the WeChat desktop client. No unrelated credentials, binaries, or packages are requested.
Instruction Scope
The SKILL.md and scripts perform window automation, clipboard manipulation, and will cause the WeChat client to transmit the chosen file to a contact. The skill claims "No network calls, no data exfiltration," which is misleading because sending a file via the user’s WeChat client will transmit that file off the machine. The instructions also require running a bundled PowerShell script with ExecutionPolicy Bypass — appropriate for operation but a notable security vector if the script is modified or misused.
Install Mechanism
Instruction-only skill (no install spec) with included JS and inline PowerShell source. Nothing is downloaded from external URLs during install, so no additional install-related network risk is introduced by the skill itself.
Credentials
No environment variables, credentials, or config paths are requested. The skill requires local file-system access to whichever absolute path the caller supplies (expected for a file-sender), and it runs PowerShell with -ExecutionPolicy Bypass which is local but worth noting as it allows the included script to run without changing system policy.
Persistence & Privilege
always:false (normal) and the skill does not request system-wide persistence. However, the platform default allows autonomous invocation; combined with the ability to read local files and send them via WeChat, this increases potential for unwanted transmission of sensitive files if the agent is permitted to run the skill without human oversight.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install wechat-file-sender
  3. After installation, invoke the skill by name or use /wechat-file-sender
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- Improved documentation in SKILL.md: now includes PowerShell script source, usage security notice, and install instructions. - Enhanced security details: filePath must be absolute, contactName is validated, and no network/data exfiltration occurs. - Clarified steps, requirements, and implementation notes to make usage and auditing easier. - Outlined explicit OpenClaw trigger phrases and command line usage.
v1.0.0
Initial release of wechat-file-sender. - Send files to any WeChat contact via Windows desktop client using RPA automation. - Includes PowerShell core script and Node.js wrapper for easy command line use. - No admin rights required; relies on Windows Automation API and SendKeys. - Clipboard handling and window focus robustly managed for reliable file transfer. - Supports Chinese contact names via clipboard paste. - Can be triggered from command line or OpenClaw with natural language phrases.
Metadata
Slug wechat-file-sender
Version 1.0.1
License MIT-0
All-time Installs 0
Active Installs 0
Total Versions 2
Frequently Asked Questions

What is WeChat File Sender?

Send files via Windows WeChat desktop client by automating window control, clipboard, and keyboard input using Node.js and PowerShell scripts. It is an AI Agent Skill for Claude Code / OpenClaw, with 171 downloads so far.

How do I install WeChat File Sender?

Run "/install wechat-file-sender" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is WeChat File Sender free?

Yes, WeChat File Sender is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does WeChat File Sender support?

WeChat File Sender is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created WeChat File Sender?

It is built and maintained by 26048608982lp-ai (@26048608982lp-ai); the current version is v1.0.1.

More Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 Comments