weclaw-wechat-ai-bridge

Fail

Audited by Gen Agent Trust Hub on Mar 23, 2026

Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, DATA_EXFILTRATION, PROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill documentation promotes a 'One-line installer' command curl -sSL https://raw.githubusercontent.com/fastclaw-ai/weclaw/main/install.sh | sh which executes a script from an unverified remote source directly in the shell.
  • [EXTERNAL_DOWNLOADS]: The skill directs users to install unverified software including a Go package from github.com/fastclaw-ai/weclaw and a Docker image from ghcr.io/fastclaw-ai/weclaw.
  • [COMMAND_EXECUTION]: The skill facilitates system persistence by providing instructions to use sudo to install service files in /etc/systemd/system/ (Linux) or create a LaunchAgent in ~/Library/LaunchAgents/ (macOS).
  • [COMMAND_EXECUTION]: Configuration guidelines recommend using flags like --dangerously-skip-permissions and --skip-git-repo-check for integrated agents, which intentionally disable protective guardrails.
  • [DATA_EXFILTRATION]: The bridge manages files like ~/.weclaw/config.json and ~/.weclaw/weclaw.log which store sensitive data including WeChat session tokens, conversation history, and API keys.
  • [COMMAND_EXECUTION]: The application dynamically spawns subprocesses based on user-defined binary paths in the configuration file, presenting a risk of unauthorized command execution.
  • [PROMPT_INJECTION]: The skill creates an attack surface for indirect prompt injection by bridging untrusted messages from WeChat to AI agents.
      1. Ingestion points: WeChat messages via the weclaw bridge.
      2. Boundary markers: Absent; message content is passed directly to agents.
      3. Capability inventory: Subprocess execution of agent binaries and network requests.
      4. Sanitization: Absent; the bridge only strips markdown for display purposes.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/fastclaw-ai/weclaw/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level: CRITICAL
Analyzed: Mar 23, 2026, 12:51 PM