weibo-webmcp

SUSPICIOUS: the skill's Weibo-reading/writing scope mostly matches its purpose and uses official Weibo domains, but it requires an unverifiable `uxc` CLI and enables autonomous public posting through an authenticated browser profile. The main concerns are install trust and real-world action capability rather than clear credential theft or confirmed malware.