wechat-writing

SUSPICIOUS. The core writing/publishing workflow is coherent, and the WeChat draft flow appears intended for official APIs, but the skill is not self-contained: it delegates execution and credentials to multiple unpinned companion skills, processes untrusted web content, allows arbitrary illustration proxy endpoints, and performs account actions by default. This is better classified as a high-risk vulnerable skill than confirmed malware.