wechat-article-aggregator
Audited by Socket on Feb 26, 2026
1 alert found:
Security: The package implements a WeChat-article aggregation workflow that routes all requests and article downloads through a third-party aggregator (down.mptext.top). This is the primary trust and privacy consideration: user-supplied API keys and fetched article content are exposed to that service. Aside from that design choice, there are no clear signs of malware, obfuscation, or covert exfiltration in the supplied documentation and descriptions. Recommended mitigations: (1) treat the aggregator as a trusted service before supplying API keys, (2) verify or implement robust filename sanitization/path normalization, (3) prefer short-lived or scoped API keys where possible, and (4) inspect implementation for any hidden network endpoints or dynamic code execution before deployment.