wechat-auto-reply

Warn

Audited by Socket on Feb 28, 2026

1 alert found:

Security: MEDIUM
SKILL.md

This skill is an automation utility for WeChat on macOS that uses local OCR and UI automation to suggest and send replies. It does not show network exfiltration, obfuscated payloads, or explicit credential harvesting in the provided content.

Primary risks are operational and privacy-related: the need for Screen Recording and Accessibility permissions (which allow reading all on-screen content and controlling input), automatic sending of messages when confidence ≥ 85% (possible unintended outbound messages), clipboard clobbering, and reliance on a third-party Homebrew tap for installation. These factors make the package a moderate security risk if granted permissions and run without care; it should not be installed or run on machines with sensitive information without evaluating trust in the tap/author and limiting permissions.

Recommended mitigations: review/install from trusted sources only, require explicit per-message confirmation (disable automatic send), avoid running on accounts with sensitive open windows, and inspect installed binaries from the Homebrew tap before granting privileges.

Confidence: 80%
Severity: 75%
Audit Metadata

Analyzed At: Feb 28, 2026, 06:52 AM
Package URL: pkg:socket/skills-sh/openclaw%2Fskills%2Fwechat-auto-reply%2F@31efeaf21b1f5cfa777e5f1383f541f6d216ba6a