wechat-automation

Fail

Audited by Socket on Feb 16, 2026

1 alert found:

Malware (HIGH)
SKILL.md

No explicit malicious code patterns (obfuscation, hard-coded credentials, network exfiltration code, reverse shells) are present in the provided source. However, by design this agent exposes highly sensitive capabilities: reading private chat contents and injecting messages, and it funnels data to a generic stdout IPC channel without authentication or encryption. The module is therefore a high-risk component in a software supply chain if deployed in untrusted environments or paired with an untrusted orchestrator. Recommended actions before use: restrict run-time environment privileges, authenticate/authorize or encrypt the stdin/stdout IPC channel, sanitize/limit error outputs, add rate-limiting and command authorization for message-sending commands, and perform code review/audit of any orchestrator that consumes the agent's stdout.

Confidence: 75%
Severity: 55%

Audit Metadata

Analyzed At: Feb 16, 2026, 01:08 AM
Package URL: pkg:socket/skills-sh/cacr92%2Fwereply%2Fwechat-automation%2F@86d20c559d61c3306754249aa84f8c9c6d132976