{"id":"lavarong-wechat-automation-api","name":"wechat-automation-api","homepage":null,"repo_url":"https://github.com/LAVARONG/wechat-automation-api","category":"communication","subcategories":[],"tags":["wechat","automation","flask","uiautomation","windows","local-api","messaging","agent-skill"],"what_it_does":"Provides a local Windows HTTP API (Flask) that automates WeChat UI (uiautomation) to send text and image messages, supporting batch sends and a background queue/worker, plus a separate monitor/guard process for disconnection warnings.","use_cases":["Automated notifications to specific WeChat contacts from other systems","Batch/broadcast style messaging to multiple contacts (via queueing)","Agent/skill integration entrypoint to trigger message sending from an LLM agent runtime","Monitoring/alerting via WeChat when the WeChat client disconnects"],"not_for":["Production-grade, internet-exposed messaging APIs without additional security controls","High-assurance compliance workflows (no evidence of formal security/compliance controls)","Sending arbitrary files (not implemented per docs)","Idempotent request/replay use-cases where duplicates are unacceptable (no explicit idempotency mechanism described)"],"best_when":"Runs on a trusted Windows host with the WeChat PC client logged in, with the API bound to localhost or otherwise strictly firewalled, and when best-effort queued sending is acceptable.","avoid_when":"Exposed to untrusted networks or the public internet, or when you need OAuth-level identity, fine audit trails, or strong delivery-state guarantees.","alternatives":["Use WeChat official channels/tools (where available) for supported integrations","Build a Windows automation workflow using uiautomation directly without exposing an HTTP service","Use other local notification/automation services (e.g., email/Slack/Telegram bots) instead of WeChat UI automation"],"af_score":61.8,"security_score":33.5,"reliability_score":53.8,"package_type":"skill","discovery_source":["openclaw"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:48:11.734295+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":false,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["Static token in request JSON (e.g., token field)"],"oauth":false,"scopes":false,"notes":"Authentication appears to be a single shared token provided in the JSON body. No OAuth or scope model is described."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Appears to be a self-hosted open-source/local tool; no pricing model described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":61.8,"security_score":33.5,"reliability_score":53.8,"mcp_server_quality":0.0,"documentation_accuracy":75.0,"error_message_quality":null,"error_message_notes":"Docs include example success and 401 responses. No explicit error codes schema beyond 'error' strings shown.","auth_complexity":95.0,"rate_limit_clarity":35.0,"tls_enforcement":20.0,"auth_strength":35.0,"scope_granularity":10.0,"dependency_hygiene":45.0,"secret_handling":60.0,"security_notes":"Uses a static shared token sent in request JSON; no evidence of TLS requirements, rate limiting headers, IP allowlisting, or scope-based authorization. Docs mention config.json is gitignored, which is good for secret handling, but there is no mention of secure secret storage or masking in logs. Because it automates a local desktop UI, operational security (restricting network exposure, least privilege on the host, and protecting the token) is critical.","uptime_documented":20.0,"version_stability":55.0,"breaking_changes_history":70.0,"error_recovery":70.0,"idempotency_support":"false","idempotency_notes":"No idempotency key or deduplication behavior described. Requests are said to be added to a queue immediately, which may cause duplicates on retries.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Retries may enqueue duplicate messages because idempotency is not documented.","Image sending downloads from a URL; agent should ensure URL accessibility and content type/size constraints (not documented).","Contact name matching is sensitive (docs mention case sensitivity).","Service likely targets localhost by default; remote execution requires careful firewalling and TLS termination (not described)."]}}