wecomcli-get-todo-list

Warn

Audited by Socket on Mar 29, 2026

1 alert found:

Security: MEDIUM
SKILL.md

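The skill's stated business purpose is broadly consistent with what it does, but its core execution depends entirely on an external `wecom-cli` black-box binary whose provenance cannot be verified, and it may hand WeCom (Enterprise WeChat) authentication information to that binary. On top of that, it forces a call to another skill, which creates an additional trust chain. No clear evidence of malicious behavior or of an exfiltration endpoint was found, but overall it should be judged suspicious and high-risk rather than confirmed malicious.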

Confidence: 85%
Severity: 82%
Audit Metadata
Analyzed At: Mar 29, 2026, 05:09 PM
Package URL: pkg:socket/skills-sh/WeComTeam%2Fwecom-cli%2Fwecomcli-get-todo-list%2F@fefe5270b7c908f809e1d8a6c00418b4956d34d8