wechat-daily-report
Fail
Audited by Gen Agent Trust Hub on Jun 24, 2026
Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The
setup_check.pyscript automatically clones a third-party repository (ylytdeng/wechat-decrypt) during environment setup. This repository is not maintained by the skill author or a known trusted organization, presenting a significant supply chain risk. - [REMOTE_CODE_EXECUTION]: After cloning the external repository, the skill executes its Python scripts (
main.pyordecrypt_db.py) to perform database decryption operations on the user's local machine. - [COMMAND_EXECUTION]: The
decrypt_wechat.pyscript performs runtime compilation of C source code (find_all_keys_macos.c) using thecccompiler on macOS. This binary is designed to scan system memory for encryption keys, which is a highly sensitive and potentially intrusive operation. - [COMMAND_EXECUTION]: Multiple scripts use
subprocess.runto execute shell commands, includinggit,pip,tasklist, andpgrep, as well as self-invoking other Python scripts in the project. - [DATA_EXFILTRATION]: The skill is designed to read and process highly sensitive personal data from local WeChat SQLite databases (
contact.db,message_*.db). These files contain private chat histories, contact lists, and personal identifiers. - [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted chat messages from WeChat groups, performs minimal sanitization (truncation and whitespace collapsing), and interpolates this data directly into the AI context via
ai_prompt.md. Maliciously crafted chat messages could potentially influence the AI's behavior or cause it to leak information. - [COMMAND_EXECUTION]: The documentation and scripts indicate that the database scanner may require administrative or root privileges to function on certain operating systems (macOS), which increases the potential impact of any malicious code within the downloaded dependencies.
Recommendations
- AI detected serious security threats
Audit Metadata