canghe-post-to-wechat

Pass

Audited by Gen Agent Trust Hub on Feb 24, 2026

Risk Level: SAFE
EXTERNAL_DOWNLOADS, COMMAND_EXECUTION, CREDENTIALS_UNSAFE, REMOTE_CODE_EXECUTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill provides instructions and automation to download the Bun runtime from its official source at https://bun.sh/install if it is not detected on the user's system.
  • [COMMAND_EXECUTION]: The skill calls operating-system utilities to simulate paste keystrokes (Cmd+V/Ctrl+V) and perform rich-text clipboard operations: osascript on macOS, powershell.exe on Windows, and xdotool or ydotool on Linux.
  • [CREDENTIALS_UNSAFE]: The skill manages WeChat API credentials (WECHAT_APP_ID and WECHAT_APP_SECRET) by reading from and writing to local .env files located in project or home directories (.canghe-skills/.env).
  • [REMOTE_CODE_EXECUTION]: The skill includes logic to download remote images found in markdown content using standard HTTP/HTTPS modules. Additionally, it uses Runtime.evaluate through a custom Chrome DevTools Protocol (CDP) implementation to automate the WeChat editor in a browser session.
Audit Metadata
Risk Level: SAFE
Analyzed: Feb 24, 2026, 11:24 AM