weclaw-wechat-ai-bridge

SUSPICIOUS. The core bridge behavior is consistent with the stated purpose, but the trust model is broad: a curl|sh installer from a different org than the skill publisher, forwarding of messages/tokens to external agent endpoints, unauthenticated API exposure when bound externally, and guidance to disable agent permission prompts. This looks more like a high-risk integration skill than confirmed malware.