Skills
skills/openclaw/skills/wechat-publisher/Gen Agent Trust Hub

wechat-publisher

Warn

Audited by Gen Agent Trust Hub on Feb 12, 2026

Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONCREDENTIALS_UNSAFE
Full Analysis

================================================================================

🟡 VERDICT: MEDIUM

This skill presents a MEDIUM risk primarily due to its automatic installation of an unverified external dependency and its handling of sensitive credentials that are then passed to this dependency. While the skill's direct code does not appear to be malicious, the reliance on an external, unverified tool introduces a significant supply chain risk.

Total Findings: 5

🟡 MEDIUM Findings: • Unverifiable Dependencies

  • scripts/publish.sh Line 20: The script automatically executes npm install -g @wenyan-md/cli if the wenyan command is not found. The wenyan-cli project (caol64/wenyan-cli) is not from a trusted GitHub organization. Installing a global package from an unverified source poses a supply chain risk, as a compromised wenyan-cli could lead to arbitrary code execution or data exfiltration. • Command Execution
  • scripts/publish.sh Line 20: The skill directly executes npm install -g and then wenyan publish with user-provided content and credentials. This grants significant control to the wenyan-cli tool, which is an unverified dependency. • Credentials Unsafe
  • scripts/publish.sh Line 30: The skill instructs users to store WECHAT_APP_ID and WECHAT_APP_SECRET in TOOLS.md. The scripts/publish.sh and scripts/setup.sh scripts read these sensitive credentials and export them as environment variables, which are then used by the wenyan publish command. The risk is that these credentials are handled by an unverified external dependency (wenyan-cli), which could potentially misuse or exfiltrate them.

🔵 LOW Findings: • Privilege Escalation

  • SKILL.md Line 251: The troubleshooting guide suggests brew upgrade node. While brew commands can have system-wide effects and sometimes require sudo, this is a user-initiated suggestion rather than a direct execution by the skill itself.

ℹ️ TRUSTED SOURCE References: • Network Request

  • SKILL.md Line 160: The curl ifconfig.me command is suggested in troubleshooting to get the user's public IP for WeChat API whitelisting. While it's a network request, it's for a legitimate configuration purpose and does not exfiltrate sensitive local data.

================================================================================

Audit Metadata
Risk Level
MEDIUM
Analyzed
Feb 12, 2026, 07:49 AM