← 返回 Skills 市场
343
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wechat-message-sender
功能描述
Automate sending text messages and images/files in the macOS WeChat desktop app by controlling the UI via AppleScript and JXA. This is NOT a WeChat chat chan...
安全使用建议
What to consider before installing:
- The scripts do what they claim: control the WeChat GUI using AppleScript/JXA and the clipboard. That requires macOS Accessibility (UI automation) permission for the process that runs the scripts — this is powerful: any process granted that permission can synthesize keystrokes and clicks in other apps.
- Verify who will receive the Accessibility permission. If your OpenClaw gateway runs as a Node process, the README's reference to 'node' may be correct; but if you grant Accessibility to a general-purpose Node binary or Terminal, other Node-based tools could misuse that ability. Prefer granting the permission only to a dedicated, trusted runtime binary or a specific Terminal app you control.
- Review the two scripts yourself (they are small and included). They do not send data externally, but they place message text and file references on your clipboard; be aware of clipboard contents.
- Test carefully with a harmless/dummy account or contact first to confirm the contact-selection behavior and window-position-dependent clicks before sending any sensitive messages.
- If you are uncomfortable granting Accessibility broadly, do not install/run this skill. Alternative safer approaches: run the AppleScript commands manually, or adjust the environment so only a narrowly-scoped process has automation permission.
- If you want higher assurance, ask the publisher for an explanation why 'node' specifically needs accessibility, and whether the gateway can be restricted to a dedicated binary or run under a dedicated user account.
功能分析
Type: OpenClaw Skill
Name: wechat-message-sender
Version: 1.0.0
The skill automates the WeChat macOS desktop application using AppleScript and JXA (JavaScript for Automation), which requires broad Accessibility permissions. While the functionality aligns with the stated purpose, the scripts (wechat_send.sh and wechat_send_image.sh) are vulnerable to AppleScript injection because user-provided inputs like contact names and messages are directly concatenated into AppleScript strings without sanitization. This could allow for arbitrary command execution on the host system if the agent is prompted with specially crafted input.
能力评估
Purpose & Capability
The scripts clearly implement GUI automation to send text and files to WeChat, which matches the skill description. Minor inconsistency: SKILL.md and README ask you to grant macOS Accessibility permission to 'node', but the shipped scripts are bash + osascript/JXA. Granting permission to 'node' may be required by the gateway/runtime, but the package itself does not declare or require Node explicitly.
Instruction Scope
Runtime instructions and the scripts operate only on the WeChat UI: activating WeChat, searching contacts, clicking the input field, setting the clipboard, and sending Enter. They do not call external network endpoints, nor read arbitrary system files (the image script reads only the provided file path). They do use the clipboard (the message and file are placed on clipboard) and compute click coordinates from window bounds; this can misaddress messages if the search returns unexpected results.
Install Mechanism
Instruction-only with embedded scripts and no installation/download steps. No external packages or network pulls are performed during install. Low install-surface risk.
Credentials
No API keys or config files are requested (good). However, the skill explicitly requires granting macOS Accessibility permission to 'node' (or the runtime), which is a high-privilege request: Accessibility access allows controlling other apps and synthesizing input system-wide. This is functionally required for GUI automation but is a broad privilege and should be granted only to a trusted process/user.
Persistence & Privilege
The skill does not request permanent 'always' inclusion and does not modify other skills. The main privilege concern is the need for macOS Accessibility (a system-level permission) granted to whatever runtime executes the scripts — this is not persistence in the registry sense but is a powerful system-level capability.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wechat-message-sender - 安装完成后,直接呼叫该 Skill 的名称或使用
/wechat-message-sender触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
- Initial release of WeChat message sending automation for macOS.
- Send text messages and images/files to individual WeChat contacts by controlling the WeChat desktop app’s UI.
- Uses AppleScript and JXA to automate contact search, message pasting, and sending.
- Requires WeChat for Mac, Accessibility permissions, and the app window to be open.
- Does not support reading messages, group management, or use as a chat channel.
元数据
常见问题
WeChat Send 是什么?
Automate sending text messages and images/files in the macOS WeChat desktop app by controlling the UI via AppleScript and JXA. This is NOT a WeChat chat chan... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 343 次。
如何安装 WeChat Send?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-message-sender」即可一键安装,无需额外配置。
WeChat Send 是免费的吗?
是的,WeChat Send 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
WeChat Send 支持哪些平台?
WeChat Send 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(darwin)。
谁开发了 WeChat Send?
由 Honcy Ye(@yeholdon)开发并维护,当前版本 v1.0.0。
推荐 Skills