wecomcli-edit-todo

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Security: MEDIUM
SKILL.md

The skill’s purpose and command set are coherent for editing WeCom todos, and there is no direct evidence of credential theft or deceptive exfiltration in the text. However, the entire skill depends on an unverifiable external CLI whose publisher, install path, credential handling, and network endpoints could not be confirmed from official sources, so the skill is best classified as SUSPICIOUS with high supply-chain risk rather than confirmed malware.

Confidence: 87%
Severity: 82%

Audit Metadata

Analyzed At: Mar 29, 2026, 05:09 PM
Package URL: pkg:socket/skills-sh/WeComTeam%2Fwecom-cli%2Fwecomcli-edit-todo%2F@5d9fbdd145c9366e3c59c580f27adff1ccd32de5