Read WeChat local data from SQLite databases. Supports listing contacts, chat sessions, searching messages, and viewing favorites. Use when the user needs to...
Security Analysis
medium confidenceThe skill's code and instructions match its stated purpose (reading local WeChat SQLite files in read-only mode) and it does not request unrelated credentials or perform network activity in the visible code, but exercise normal caution before granting disk access or allowing autonomous invocation.
The skill name/description (read WeChat local SQLite data) aligns with the included Python script and documentation: it searches the WeChat data directory, opens SQLite databases in read-only mode, and exposes commands for contacts, sessions, search, favorites and stats. There are no unexpected external service credentials or unrelated binaries requested.
SKILL.md directs the agent/user to access the WeChat data directory and run the bundled script; all instructions focus on reading local DB files, handling permissions, and using only read-only SQLite mode. It explicitly advises closing WeChat if databases are locked and instructs granting macOS 'Full Disk Access' if needed — a sensitive but plausible requirement for accessing ~/Library/Containers. There are no instructions to transmit data externally or to read unrelated system files.
There is no install specification (no downloads or package installs). The skill includes a local Python script that the agent/user runs directly. No remote code fetch or archive extraction is present.
The skill requests no environment variables, credentials, or config paths beyond the user-specified WeChat data directory. The only elevated permission the instructions recommend is granting terminal Full Disk Access on macOS, which is proportionate to the goal of reading files in ~/Library/Containers.
Flags show always:false (normal). disable-model-invocation is false, so the agent may invoke the skill autonomously — this is the platform default and not by itself a security problem, but it means an agent with permission could read local WeChat data when it chooses. Consider this when enabling autonomous agents.
Guidance
This skill appears to do what it claims: read local WeChat SQLite databases in read-only mode without contacting external services. Before installing or running it: (1) inspect the full script yourself (ensure there are no hidden network calls or obfuscated behavior), (2) run it only on your own device and only against databases you own, (3) back up the database files before use and close WeChat to avoid locks, (4) be cautious granting macOS Full Disk Access to your terminal (it gives broad access to other files), and (5) if you do not want an agent to automatically access your WeChat data, disable autonomous skill invocation or only call the skill manually. If you want higher assurance, request the complete untruncated source and verify there are no network/socket calls, subprocess.exec calls, or code that writes out extracted data to external locations.
Latest Release
v1.0.2
WeChat Local Data Reader - Initial Release - Allows read-only access to local WeChat data via SQLite. - List contacts, chat sessions, search messages, and view favorites. - Supports macOS (auto path) and Windows (custom path). - No data is modified; privacy controls and disk access requirements noted. - Full documentation included for usage and troubleshooting.
More by @AlphaFactor
Published by @AlphaFactor on ClawHub
