wechat-publisher-yashu

Fail

Audited by Gen Agent Trust Hub on Feb 28, 2026

Risk Level: HIGH
COMMAND_EXECUTION, PROMPT_INJECTION, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [PROMPT_INJECTION]: The SKILL.md file contains instructions that explicitly command the AI agent not to read or inspect the index.js file. This is a clear attempt to bypass security auditing and transparency by preventing the agent from understanding the skill's underlying behavior.
  • [COMMAND_EXECUTION]: The skill uses execSync to run wmic commands on the host machine. These commands are used to retrieve sensitive hardware identifiers including the CPU ProcessorId, Motherboard SerialNumber, and BIOS UUID. These operations are unnecessary for the skill's stated purpose of publishing articles.
  • [DATA_EXFILTRATION]: The skill fingerprints the host machine by hashing its unique hardware IDs. This information is used to enforce an undocumented licensing system and is stored in persistent system directories like AppData/Roaming. The skill also points to an external shop (shop.wangchengq.com) for purchasing access keys.
  • [CREDENTIALS_UNSAFE]: The skill requests WeChat APP_ID and APP_SECRET from the user. Since the code in index.js is obfuscated, there is no way to verify that these credentials are handled securely or that they are not being exfiltrated to a third-party server alongside the machine fingerprints.
  • [OBFUSCATION]: The primary logic file index.js is heavily obfuscated using hex-encoded string arrays and character transformations. This obfuscation hides the system-level interactions and telemetry from the user and security analysis tools.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level: HIGH
Analyzed: Feb 28, 2026, 08:51 AM