wecomcli-get-todo-detail

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Security

SecuritySKILL.md

MEDIUM

SecurityMEDIUM

SKILL.md

该技能的业务目的与操作基本一致，但核心能力完全依赖来源未验证的外部 `wecom-cli`。未见明确恶意或第三方凭证转发证据，但黑盒 CLI 加上通讯录全量访问使整体应判为 SUSPICIOUS，而非 BENIGN。

Confidence: 84%Severity: 80%

Audit Metadata

Analyzed At

Mar 29, 2026, 05:09 PM

Package URL

pkg:socket/skills-sh/WeComTeam%2Fwecom-cli%2Fwecomcli-get-todo-detail%2F@c29f444e111e839c35897332bc4684aba0e9710b