wecom-automation

SUSPICIOUS. The skill’s core behavior broadly matches its stated automation purpose, but it combines autonomous external actions, third-party token forwarding, and processing of untrusted inbound content with exec/write-capable tooling. This is not confirmed malware, yet it is a high-risk automation skill with significant trust and safety concerns.