← 返回 Skills 市场
Wechat Qwen Reply
作者
chenxundaozu
· GitHub ↗
· v0.1.1
· MIT-0
307
总下载
1
收藏
0
当前安装
2
版本数
在 OpenClaw 中安装
/install wechat-qwen-reply
功能描述
WeChat chat reader + auto-reply (Qwen-VL vision + AHK send). Supports fast/slow capture, group nickname labels, file/red-packet cards, and filtering system m...
安全使用建议
This skill appears to be an OCR-based WeChat reader but is incomplete and tied to the developer's local paths. Before using: (1) do not run it as-is — the package is missing the referenced .ps1 and .ahk scripts and uses a hardcoded C:\Users\chenxun path; (2) inspect or provide your own capture (.ps1) and send (.ahk) scripts and place them in a safe workspace you control; (3) move the API key out of a hardcoded file into a properly scoped secret (or at least confirm the expected file location) and verify the dashscope endpoint is legitimate for your account; (4) be aware the script will upload full screenshots (sensitive chat contents) to an external service — only proceed if you're comfortable with that data leaving your machine; (5) consider running in an isolated/test environment first and ask the author for a cleaned, configurable version (no hardcoded user paths, documented dependencies, and explicit declaration of required secrets). If you cannot verify these issues, treat the package as untrusted.
功能分析
Type: OpenClaw Skill
Name: wechat-qwen-reply
Version: 0.1.1
The skill contains hardcoded absolute file paths to a specific user's directory (C:\Users\chenxun), which is a significant privacy and portability concern. It utilizes PowerShell with a 'Bypass' execution policy to capture screenshots of WeChat conversations and transmits this data to an external API (dashscope.aliyuncs.com). While these actions align with the stated purpose of chat recognition, the combination of environment-specific hardcoding and automated screen capture of private communications in scripts like qwen_vl_read.py warrants a suspicious classification.
能力评估
Purpose & Capability
The skill claims WeChat chat reader + auto-reply, but the included code only performs capture→OCR→print/save flow. SKILL.md references PowerShell capture scripts and an AHK sender (wechat_capture_fast.ps1, wechat_capture_crop.ps1, wechat_send_chat.ahk), yet those files are not present in the bundle. The script also uses a hardcoded workspace path (C:\Users\chenxun\.nanobot\workspace) and a default contact name, which suggests it was left tied to the developer's environment rather than being generalized. Asking for AHK and PowerShell seems plausible for the stated purpose, but the absence of those scripts and hardcoded paths is incoherent.
Instruction Scope
The Python script will call PowerShell (ExecutionPolicy Bypass) to run capture scripts, read a local API key file at a hardcoded path, save/replace files under that same workspace, and then upload an embedded base64 PNG to https://dashscope.aliyuncs.com for OCR. Sending screenshots to a remote API is expected for OCR but is sensitive data exfiltration of chat images. The SKILL.md and script reference several local files and the AHK sender; the agent instructions do not declare or explain handling of sensitive data or permissions. The script will abort if the API key file is missing; there is a mismatch with the registry metadata which declared no required env/configs.
Install Mechanism
There is no install spec (instruction-only + single Python script), which reduces installation risk. However, runtime behavior executes PowerShell with ExecutionPolicy Bypass (to run external .ps1 scripts) and expects to call AHK; those runtime actions can execute arbitrary code if the referenced scripts are replaced or malicious, so verify the capture/send scripts before running.
Credentials
The package metadata lists no required credentials, but the script requires an API key file stored at a hardcoded path under C:\Users\chenxun\.nanobot\.secrets\dashscope_api_key.txt. This is an undeclared credential requirement and uses a developer-specific username/path. The skill also writes outputs into that workspace, potentially overwriting files. The credential access is not proportionally declared or configurable via environment variables.
Persistence & Privilege
The skill is not marked always:true and does not request elevated platform privileges. It does execute external scripts (PowerShell, AHK) and writes files to a workspace folder, but it does not alter other skills or system-wide configs in the provided code.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wechat-qwen-reply - 安装完成后,直接呼叫该 Skill 的名称或使用
/wechat-qwen-reply触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v0.1.1
Improve English description and tags.
v0.1.0
Initial release of wechat-qwen-reply.
- Enables automatic reading and replying to WeChat PC chat (supports Qwen-VL vision model).
- Supports quick (region screenshot) and stable (full screenshot + cropping) modes for chat text extraction.
- Includes scripts for chat recognition, screenshot capture (PowerShell), and message sending (AHK).
- Provides setup guidance and key dependency notes.
- Output: recognized chat text and last cropped image are saved for reference.
- Built-in prompt logic distinguishes between sender roles and chat types.
元数据
常见问题
Wechat Qwen Reply 是什么?
WeChat chat reader + auto-reply (Qwen-VL vision + AHK send). Supports fast/slow capture, group nickname labels, file/red-packet cards, and filtering system m... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 307 次。
如何安装 Wechat Qwen Reply?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wechat-qwen-reply」即可一键安装,无需额外配置。
Wechat Qwen Reply 是免费的吗?
是的,Wechat Qwen Reply 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Wechat Qwen Reply 支持哪些平台?
Wechat Qwen Reply 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Wechat Qwen Reply?
由 chenxundaozu(@chenxundaozu)开发并维护,当前版本 v0.1.1。
推荐 Skills