Skills
skills/maolai7/agent-skills/md-to-wechat/Gen Agent Trust Hub

md-to-wechat

Pass

Audited by Gen Agent Trust Hub on Apr 21, 2026

Risk Level: SAFEDATA_EXFILTRATIONCREDENTIALS_UNSAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
  • [DATA_EXFILTRATION]: The skill reads the content of local Markdown files and sends them to a third-party rendering service at https://feishu2weixin.maolai.cc. This is an essential step for the skill's functionality to convert Markdown to WeChat-compatible HTML.
  • [CREDENTIALS_UNSAFE]: The skill requires users to store sensitive WeChat Official Account credentials (WECHAT_APP_ID and WECHAT_APP_SECRET) in a local .env file. These credentials are used by the scripts to authenticate with the official WeChat API (https://api.weixin.qq.com).
  • [EXTERNAL_DOWNLOADS]: The script performs a network request to https://api4.ipify.org to retrieve the user's public IP address, which is used to help the user configure the WeChat API IP whitelist. It also downloads images from URLs specified in the Markdown files to re-upload them to WeChat's CDN.
  • [COMMAND_EXECUTION]: The AI agent is instructed to execute local Node.js scripts (publish.cjs and list_themes.cjs) using the node command to process files and interact with APIs.
Audit Metadata
Risk Level
SAFE
Analyzed
Apr 21, 2026, 01:46 AM