wechat-publisher-yashu
Warn
Audited by Gen Agent Trust Hub on Mar 29, 2026
Risk Level: MEDIUMCOMMAND_EXECUTIONCREDENTIALS_UNSAFEPROMPT_INJECTIONDATA_EXFILTRATION
Full Analysis
- [PROMPT_INJECTION]: The skill's instructions in
SKILL.mdcontain explicit directives for the AI agent to ignore theindex.jsfile and avoid reading its contents. This is a defensive pattern designed to bypass security analysis and hide the script's internal logic. - [COMMAND_EXECUTION]: The script executes multiple system commands using
wmic(wmic cpu get ProcessorId,wmic baseboard get SerialNumber,wmic csproduct get UUID) to harvest unique hardware identifiers. This data is used to generate a machine-specific hash for licensing and usage tracking without explicit user consent. - [CREDENTIALS_UNSAFE]: The skill prompts users to provide highly sensitive WeChat
AppIDandAppSecretcredentials. These are written to a localconfig.jsonfile. Because the main code is obfuscated, it is impossible to verify that these credentials are handled securely or not sent to third-party servers. - [DATA_EXFILTRATION]: The skill tracks usage limits and license status by creating persistent files and hidden directories (
.node_cache,.session_a1b2c3.dat) in the user's home directory. It also manages sensitive session tokens inwechat-token.json.
Audit Metadata