← 返回 Skills 市场
jarryxin

WeChat Auto Reply (V26 Safe)

作者 Jarryxin · GitHub ↗ · v1.1.0 · MIT-0
cross-platform ⚠ suspicious
188
总下载
0
收藏
0
当前安装
5
版本数
在 OpenClaw 中安装
/install wechat-auto-reply-ai
功能描述
Monitors a detached WeChat Mac window via OCR and automatically replies using a customizable AI persona with safety locks to prevent interference.
安全使用建议
This package's code implements the WeChat auto-reply behavior described, but the registry metadata is incomplete: the SKILL.md and scripts require external CLIs (peekaboo, summarize, gemini), macOS Screen Recording and Accessibility permissions, and a Gemini API key that the dashboard asks you to enter. Before installing or running: - Verify the source and integrity of the external CLIs (peekaboo, summarize, gemini). The scripts will call them and those tools may send images/text to remote services. - Inspect dashboard.py to see how the API key is stored/used; avoid entering long-lived/high-privilege keys unless you confirm they are stored safely (the code likely writes to ~/.openclaw/workspace files). - Be aware the skill simulates keystrokes and manipulates the clipboard, which can send arbitrary text/files from your machine — test first with a throwaway WeChat account and minimal permissions. - If you need this functionality, consider creating an isolated macOS user account or VM for running it, use an ephemeral API key (least privilege), and verify the provenance of any third-party CLI binaries before use. Because required binaries and secret handling are not declared in the registry, treat this as suspicious until you confirm where the external tools come from and how the API key is protected.
功能分析
Type: OpenClaw Skill Name: wechat-auto-reply-ai Version: 1.1.0 The skill bundle implements a WeChat auto-reply bot using high-risk capabilities such as screen capture, UI automation via AppleScript (osascript), and a local Flask web dashboard (dashboard.py). It contains several security vulnerabilities, most notably the extensive use of 'shell=True' in subprocess calls and 'os.system' for process management, which are susceptible to shell injection if target names or personas contain malicious characters. Furthermore, the dashboard listens on all network interfaces (0.0.0.0:5000) and handles sensitive Gemini API keys, potentially exposing the control interface and credentials to the local network. While these appear to be functional requirements or unintentional flaws rather than intentional malware, the combination of broad system permissions and weak input handling warrants a suspicious classification.
能力评估
Purpose & Capability
The code and SKILL.md functionality (monitor Mac WeChat UI via screenshots, OCR via 'summarize', generate replies via 'gemini', simulate keystrokes/clipboard and provide a Flask dashboard) are coherent with the skill name/description. However the registry metadata declares no required binaries or credentials while the SKILL.md and code explicitly require several external CLIs ('peekaboo', 'summarize', 'gemini'), macOS Screen Recording/Accessibility permissions, and a Gemini API key. The omission in metadata is an inconsistency and reduces transparency.
Instruction Scope
Runtime instructions and code perform broad UI automation: capturing screenshots of the WeChat window, writing state and history under ~/.openclaw/workspace, injecting clipboard contents, simulating paste/Return keystrokes, and running long-lived monitor loops that auto-send messages. The dashboard asks the user to provide a Gemini API key via the UI. The code calls external CLIs (summarize/gemini) which will likely send image/text to remote LLM/vision services — this external network activity is not spelled out in the registry metadata. All of these behaviors go beyond innocuous helpers and should be understood before use.
Install Mechanism
There is no install spec (instruction-only in registry), yet the bundle includes Python scripts and a requirements.txt (flask). More importantly, the code depends on non-Python CLIs ('peekaboo', 'summarize', 'gemini', native 'sips', 'screencapture') that are not declared as required binaries. That mismatch is a red flag: runtime will fail or behave unexpectedly if these tools differ in provenance or aren't installed, and the skill gives no guidance on obtaining/verifying them.
Credentials
The registry lists no required environment variables or primary credential, but SKILL.md and the dashboard explicitly require a Gemini API key (entered into the web UI). The code likely writes state and parsed JSON (including 'accumulated_history') to files under ~/.openclaw/workspace — the dashboard may persist the API key or pass it to child processes. Secrets handling is not declared or explained, which is disproportionate to the metadata and creates risk of secret persistence/exposure.
Persistence & Privilege
The skill does not set always:true and is user-invocable (normal). It runs long-lived monitoring loops and writes state under the user's home (~/.openclaw/workspace/memory/wechat_skill). It requires macOS Accessibility and Screen Recording permissions to perform keystroke/clipboard automation — these are necessary for the stated purpose but grant high local privileges (ability to send arbitrary UI input and read screen contents).
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install wechat-auto-reply-ai
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /wechat-auto-reply-ai 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.1.0
feat: V5.0 with Web Dashboard
v1.0.3
fix: add 45s timeout to subprocess.run to prevent peekaboo swift bridge hanging
v1.0.2
Added support for recognizing standalone emojis and images.
v1.0.1
Added support for recognizing standalone emojis and images.
v1.0.0
wechat-auto-reply 1.0.0 - Initial release with core monitor script (monitor.py) for WeChat auto-reply via UI automation on macOS. - Requires WeChat Desktop on macOS and detached chat windows for safe automation. - Features robust OCR-based message reading and LLM-driven replies with customizable persona. - Includes "Safety Lock" focus checks to prevent cross-application interference before auto-reply actions. - Provides clear instructions for setup, background process management, and configuration.
元数据
Slug wechat-auto-reply-ai
版本 1.1.0
许可证 MIT-0
累计安装 0
当前安装数 0
历史版本数 5
常见问题

WeChat Auto Reply (V26 Safe) 是什么?

Monitors a detached WeChat Mac window via OCR and automatically replies using a customizable AI persona with safety locks to prevent interference. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 188 次。

如何安装 WeChat Auto Reply (V26 Safe)?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-auto-reply-ai」即可一键安装,无需额外配置。

WeChat Auto Reply (V26 Safe) 是免费的吗?

是的,WeChat Auto Reply (V26 Safe) 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

WeChat Auto Reply (V26 Safe) 支持哪些平台?

WeChat Auto Reply (V26 Safe) 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 WeChat Auto Reply (V26 Safe)?

由 Jarryxin(@jarryxin)开发并维护,当前版本 v1.1.0。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论