wechat-publish

SUSPICIOUS. The visible skill purpose and WeChat credential use are mostly coherent, but trust is weakened by transitive skill installation and an undeclared dependency on external `bun`/`article-illustrator` cover-generation tooling with unspecified model API keys. Without the referenced scripts, the data flows look plausible rather than verified, so this is not confirmed malicious but carries medium risk.