wecom-notify
Audited by Socket on Mar 2, 2026
1 alert found:
Obfuscated File
The tool performs a benign and common function (sending WeCom messages/files). The primary security concern is the explicit routing of API calls through a specified proxy (10.147.17.105:8888 on a Guangzhou VPS via ZeroTier), which centrally exposes credentials and uploaded data to a third-party operator and materially increases the risk of credential harvesting or data interception. Additional concerns: reading secrets from a local JSON file without visible safeguards and a hardcoded default recipient.
Recommended actions: inspect the actual scripts/send_wecom.py implementation to confirm TLS verification and absence of secret-logging; avoid using untrusted proxies — prefer direct HTTPS to WeCom or a vetted enterprise gateway; rotate credentials if they were ever transmitted through an untrusted proxy; ensure secrets are stored with least privilege and not written to logs.