baoyu-post-to-wechat

The skill appears aligned with its stated purpose of posting to WeChat via API or browser automation, with support for article and image-text formats. While it employs necessary credential handling and automated browser interactions, the reliance on external runtimes (bun and Chrome) and broad environment access elevates the security risk. This is a non-malicious but moderately risky tool that should be used with explicit user consent, strict version pinning of runtimes, least-privilege credentials, secure logging, and ensured separation of credentials from public artifacts.