Skills
skills/tentacle-pro/skills/baoyu-post-to-wechat/Gen Agent Trust Hub

baoyu-post-to-wechat

Pass

Audited by Gen Agent Trust Hub on Mar 9, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill extensively uses child_process to launch Google Chrome and automate it using the Chrome DevTools Protocol (CDP). It also invokes platform-specific utilities like osascript (macOS), xclip/wl-copy (Linux), and powershell.exe (Windows) to handle complex clipboard operations for rich text and images. On macOS, the skill dynamically generates and executes temporary .swift files to interface with the AppKit library for enhanced clipboard management.
  • [EXTERNAL_DOWNLOADS]: During content processing, the skill downloads remote images found in Markdown files to a local temporary directory. Additionally, the Markdown renderer dynamically fetches syntax highlighting language modules from an Aliyun OSS CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) using dynamic import() calls.
  • [REMOTE_CODE_EXECUTION]: A diagnostic tool provided with the skill (scripts/check-permissions.ts) contains a log message string that suggests the user run curl -fsSL https://bun.sh/install | bash if the Bun runtime is missing. This is purely for user guidance and documentation; the command is not executed by the skill itself.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 9, 2026, 03:31 PM