NYC

pw-post-to-wechat

Fail

Audited by Gen Agent Trust Hub on Feb 17, 2026

Risk Level: HIGH
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION
Full Analysis
  • REMOTE_CODE_EXECUTION (HIGH): The skill dynamically imports JavaScript files from a remote, non-whitelisted CDN to support on-demand language highlighting.
      • Evidence: scripts/md/utils/languages.ts uses await import() on URLs generated from https://cdn-doocs.oss-cn-shenzhen.aliyuncs.com. This allows for arbitrary code execution if the CDN or the hosted files are compromised.
  • COMMAND_EXECUTION (HIGH): Multiple scripts utilize system-level command execution to perform rendering and automation tasks, including simulation of keyboard events which can be used to manipulate other applications.
      • Evidence: scripts/paste-from-clipboard.ts executes osascript (macOS), powershell.exe (Windows), and xdotool (Linux) to simulate system-wide 'Paste' keystrokes.
      • Evidence: scripts/md-to-wechat.ts uses spawnSync to execute bun for markdown rendering tasks.
  • EXTERNAL_DOWNLOADS (MEDIUM): The skill fetches content from arbitrary external web sources, which could lead to server-side request forgery (SSRF) or the ingestion of malicious assets.
      • Evidence: scripts/md-to-wechat.ts downloads images from URLs extracted from user-provided markdown files using a custom downloadFile function.
  • DATA_EXFILTRATION (LOW): User-provided content is transmitted to external third-party services for processing.
      • Evidence: scripts/md/extensions/plantuml.ts encodes and sends diagram code to https://www.plantuml.com for rendering, exposing potentially sensitive business logic contained in diagrams to the service provider.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 17, 2026, 06:04 PM