wendy-lite

The Wendy Lite skill description and architecture are broadly coherent with a WASM-enabled embedded runtime for ESP32-C6, including multi-language WASM support and hardware access. However, several security concerns are present, primarily around runtime code download/upload pathways (USB/WiFi), provenance and integrity verification of WASM binaries, and provisioning credential handling. These could lead to remote code execution, credential leakage, or supply-chain compromise if not properly mitigated with strong cryptographic signing, secure delivery channels, and rigorous access control. Overall, the footprint is plausible for the stated purpose but has noteworthy suspicious elements that warrant strong hardening before deployment. Labeling as SUSPICIOUS rather than Benign is prudent given the multi-channel code update/upload model and potential for unverified binaries to run on hardware.