wx-favorites-report

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The skill explicitly captures, logs, and prints the derived encryption key and demonstrates using it verbatim on the command line (e.g., passing <32-byte-key-hex> to decrypt_db.py), forcing secrets to be emitted/copied in cleartext—an immediate exfiltration risk.

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill explicitly instructs how to bypass app protections (re-signing), hook WeChat with Frida to capture PBKDF2-derived key material, and use those keys to decrypt an encrypted SQLCipher database — a deliberate workflow to extract private user data and cryptographic secrets that enables credential theft and data exfiltration (even though no remote exfiltration is included, the captured key material makes exfiltration or further compromise trivial).

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill instructs copying and re-signing the WeChat app to strip the hardened runtime (bypassing app protections) and to inject Frida into a live process to extract encryption keys and decrypt user data, which modifies local app binaries and circumvents security to access sensitive machine state.