Skills
skills/ideacco/baoyu-skills-openclaw/baoyu-post-to-wechat/Gen Agent Trust Hub

baoyu-post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Mar 4, 2026

Risk Level: HIGHCOMMAND_EXECUTIONPROMPT_INJECTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses spawnSync and execSync to run system utilities for clipboard management and UI automation, including AppleScript on macOS and xdotool on Linux. These are required for its primary browser-based posting functionality.\n- [PROMPT_INJECTION]: The skill processes untrusted Markdown and HTML files, creating a surface for indirect prompt injection.\n
  • Ingestion points: User-provided files in scripts/wechat-article.ts and scripts/wechat-browser.ts.\n
  • Boundary markers: Content is interpolated without protective delimiters.\n
  • Capability inventory: Access to bash, browser, and network tools.\n
  • Sanitization: No specific checks are performed on input content for agent instructions.\n- [EXTERNAL_DOWNLOADS]: The conversion logic fetches images from remote URLs (scripts/md-to-wechat.ts), and the markdown renderer dynamically loads syntax highlighting definitions from a third-party CDN (scripts/md/utils/languages.ts).\n- [REMOTE_CODE_EXECUTION]: Documentation and setup scripts recommend installing the Bun runtime via a piped shell command (curl | bash). This is neutrally documented as it targets the official domain of a well-known tool.
Recommendations
  • HIGH: Downloads and executes remote code from: https://bun.sh/install - DO NOT USE without thorough review
Audit Metadata
Risk Level
HIGH
Analyzed
Mar 4, 2026, 04:20 PM