- Downloads: 188
- Stars: 0
- Active Installs: 0
- Versions: 5
Install in OpenClaw
/install wechat-auto-reply-ai
Description
Monitors a detached WeChat Mac window via OCR and automatically replies using a customizable AI persona with safety locks to prevent interference.
Usage Guidance
This package's code implements the WeChat auto-reply behavior described, but the registry metadata is incomplete: the SKILL.md and scripts require external CLIs (peekaboo, summarize, gemini), macOS Screen Recording and Accessibility permissions, and a Gemini API key that the dashboard asks you to enter. Before installing or running:
- Verify the source and integrity of the external CLIs (peekaboo, summarize, gemini). The scripts will call them and those tools may send images/text to remote services.
- Inspect dashboard.py to see how the API key is stored/used; avoid entering long-lived/high-privilege keys unless you confirm they are stored safely (the code likely writes to ~/.openclaw/workspace files).
- Be aware the skill simulates keystrokes and manipulates the clipboard, which can send arbitrary text/files from your machine — test first with a throwaway WeChat account and minimal permissions.
- If you need this functionality, consider creating an isolated macOS user account or VM for running it, use an ephemeral API key (least privilege), and verify the provenance of any third-party CLI binaries before use.
Because required binaries and secret handling are not declared in the registry, treat this as suspicious until you confirm where the external tools come from and how the API key is protected.
Capability Analysis
Type: OpenClaw Skill
Name: wechat-auto-reply-ai
Version: 1.1.0
The skill bundle implements a WeChat auto-reply bot using high-risk capabilities such as screen capture, UI automation via AppleScript (osascript), and a local Flask web dashboard (dashboard.py). It contains several security vulnerabilities, most notably the extensive use of 'shell=True' in subprocess calls and 'os.system' for process management, which are susceptible to shell injection if target names or personas contain malicious characters. Furthermore, the dashboard listens on all network interfaces (0.0.0.0:5000) and handles sensitive Gemini API keys, potentially exposing the control interface and credentials to the local network. While these appear to be functional requirements or unintentional flaws rather than intentional malware, the combination of broad system permissions and weak input handling warrants a suspicious classification.
Capability Assessment
Purpose & Capability
The code and SKILL.md functionality (monitor Mac WeChat UI via screenshots, OCR via 'summarize', generate replies via 'gemini', simulate keystrokes/clipboard and provide a Flask dashboard) are coherent with the skill name/description. However the registry metadata declares no required binaries or credentials while the SKILL.md and code explicitly require several external CLIs ('peekaboo', 'summarize', 'gemini'), macOS Screen Recording/Accessibility permissions, and a Gemini API key. The omission in metadata is an inconsistency and reduces transparency.
Instruction Scope
Runtime instructions and code perform broad UI automation: capturing screenshots of the WeChat window, writing state and history under ~/.openclaw/workspace, injecting clipboard contents, simulating paste/Return keystrokes, and running long-lived monitor loops that auto-send messages. The dashboard asks the user to provide a Gemini API key via the UI. The code calls external CLIs (summarize/gemini) which will likely send image/text to remote LLM/vision services — this external network activity is not spelled out in the registry metadata. All of these behaviors go beyond innocuous helpers and should be understood before use.
Install Mechanism
There is no install spec (instruction-only in registry), yet the bundle includes Python scripts and a requirements.txt (flask). More importantly, the code depends on non-Python CLIs ('peekaboo', 'summarize', 'gemini', native 'sips', 'screencapture') that are not declared as required binaries. That mismatch is a red flag: runtime will fail or behave unexpectedly if these tools differ in provenance or aren't installed, and the skill gives no guidance on obtaining/verifying them.
Credentials
The registry lists no required environment variables or primary credential, but SKILL.md and the dashboard explicitly require a Gemini API key (entered into the web UI). The code likely writes state and parsed JSON (including 'accumulated_history') to files under ~/.openclaw/workspace — the dashboard may persist the API key or pass it to child processes. Secrets handling is not declared or explained, which is disproportionate to the metadata and creates risk of secret persistence/exposure.
Persistence & Privilege
The skill does not set always:true and is user-invocable (normal). It runs long-lived monitoring loops and writes state under the user's home (~/.openclaw/workspace/memory/wechat_skill). It requires macOS Accessibility and Screen Recording permissions to perform keystroke/clipboard automation — these are necessary for the stated purpose but grant high local privileges (ability to send arbitrary UI input and read screen contents).
How to Use
- Make sure OpenClaw is installed (local or Docker)
- Run the install command in chat: /install wechat-auto-reply-ai
- After installation, invoke the skill by name or use /wechat-auto-reply-ai
- Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.1.0
feat: V5.0 with Web Dashboard
v1.0.3
fix: add 45s timeout to subprocess.run to prevent peekaboo swift bridge hanging
v1.0.2
Added support for recognizing standalone emojis and images.
v1.0.1
Added support for recognizing standalone emojis and images.
v1.0.0
wechat-auto-reply 1.0.0
- Initial release with core monitor script (monitor.py) for WeChat auto-reply via UI automation on macOS.
- Requires WeChat Desktop on macOS and detached chat windows for safe automation.
- Features robust OCR-based message reading and LLM-driven replies with customizable persona.
- Includes "Safety Lock" focus checks to prevent cross-application interference before auto-reply actions.
- Provides clear instructions for setup, background process management, and configuration.
Frequently Asked Questions
What is WeChat Auto Reply (V26 Safe)?
Monitors a detached WeChat Mac window via OCR and automatically replies using a customizable AI persona with safety locks to prevent interference. It is an AI Agent Skill for Claude Code / OpenClaw, with 188 downloads so far.
How do I install WeChat Auto Reply (V26 Safe)?
Run "/install wechat-auto-reply-ai" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.
Is WeChat Auto Reply (V26 Safe) free?
Yes, WeChat Auto Reply (V26 Safe) is completely free, licensed under MIT-0. You can download, install and use it at no cost.
Which platforms does WeChat Auto Reply (V26 Safe) support?
WeChat Auto Reply (V26 Safe) is cross-platform and runs anywhere OpenClaw / Claude Code is available.
Who created WeChat Auto Reply (V26 Safe)?
It is built and maintained by Jarryxin (@jarryxin); the current version is v1.1.0.