wecomcli-edit-meeting

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能的功能与声明用途基本一致，未见明显凭证窃取或异常外传指令；但它把核心操作交给无法验证来源的外部 CLI `wecom-cli`，且该 CLI 可读取通讯录并执行真实会议变更。整体应判为 SUSPICIOUS：不是已确认恶意，但存在高供应链与操作风险。

Confidence: 84%Severity: 82%

Audit Metadata

Analyzed At

Mar 29, 2026, 05:09 PM

Package URL

pkg:socket/skills-sh/WeComTeam%2Fwecom-cli%2Fwecomcli-edit-meeting%2F@6942a345d270f3b3d50701a71ab3fb740fc9871d