Skills
skills/yelban/baoyu-skills.tw/baoyu-post-to-weibo/Gen Agent Trust Hub

baoyu-post-to-weibo

Warn

Audited by Gen Agent Trust Hub on Mar 16, 2026

Risk Level: MEDIUMCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses osascript (macOS), powershell.exe (Windows), and xdotool/ydotool (Linux) to automate user interface actions such as clipboard manipulation and keyboard event simulation to bypass bot detection.
  • [REMOTE_CODE_EXECUTION]: The baoyu-md vendor component dynamically imports JavaScript modules from an external CDN (cdn-doocs.oss-cn-shenzhen.aliyuncs.com) to support syntax highlighting for various programming languages during markdown rendering.
  • [EXTERNAL_DOWNLOADS]: The skill automatically downloads images from remote URLs specified in markdown files to a temporary directory using the http and https modules.
  • [COMMAND_EXECUTION]: Identifies and terminates existing browser processes using ps aux and pkill commands to manage Chrome/Chromium debug instances.
  • [COMMAND_EXECUTION]: Generates and executes a temporary Swift script on macOS to bridge JavaScript data to the system clipboard for rich text and image support.
Audit Metadata
Risk Level
MEDIUM
Analyzed
Mar 16, 2026, 02:48 PM