canghe-post-to-wechat

Fail

Audited by Socket on Feb 24, 2026

1 alert found:

Malware (HIGH)
SKILL.md

[Skill Scanner] Pipe-to-shell or eval pattern detected

All findings:
[CRITICAL] command_injection: Pipe-to-shell or eval pattern detected (CI013) [AITech 9.1.4]
[HIGH] command_injection: Backtick command substitution detected (CI003) [AITech 9.1.4]

This skill's stated purpose and its capabilities are largely coherent and appropriate for publishing to WeChat: it needs API credentials for API publishing and Chrome automation for browser-based publishing. However, it contains multiple supply-chain and local-automation risk patterns: recommending bun installation via curl|bash, reliance on npx -y (unpinned remote execution), requiring clipboard/keystroke automation and access to Chrome profiles, and writing credentials to local .env files. Those behaviors are high-risk from a supply-chain and local-automation perspective and warrant caution and review before running. I classify this as not evidently malicious but moderately risky (suspicious) due to the download-and-execute and broad automation patterns; verify installers and dependent skills, pin versions/checksums, and restrict file/automation permissions before use.

LLM verification: This SKILL.md describes reasonable functionality for publishing to WeChat and mostly stays within expected capabilities. However, there are multiple supply-chain and credential risks: it recommends pipe-to-shell installation, uses npx -y/bun unpinned execution, directs the agent to read and write local credential files, and to reuse Chrome profiles. Those patterns compound into a medium-to-high supply-chain threat: if any executed script or fetched package is malicious or compromised, credentials

Confidence: 95%
Severity: 90%

Audit Metadata
Analyzed At: Feb 24, 2026, 11:25 AM
Package URL: pkg:socket/skills-sh/freestylefly%2Fcanghe-skills%2Fcanghe-post-to-wechat%2F@271d5f55a67ea209eca61993f932c4a612de3c48