wechat-daily-report

Fail

Audited by Gen Agent Trust Hub on Jun 24, 2026

Risk Level: HIGHEXTERNAL_DOWNLOADSREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONDATA_EXFILTRATIONPROMPT_INJECTION
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The setup_check.py script automatically clones a third-party repository (ylytdeng/wechat-decrypt) during environment setup. This repository is not maintained by the skill author or a known trusted organization, presenting a significant supply chain risk.
  • [REMOTE_CODE_EXECUTION]: After cloning the external repository, the skill executes its Python scripts (main.py or decrypt_db.py) to perform database decryption operations on the user's local machine.
  • [COMMAND_EXECUTION]: The decrypt_wechat.py script performs runtime compilation of C source code (find_all_keys_macos.c) using the cc compiler on macOS. This binary is designed to scan system memory for encryption keys, which is a highly sensitive and potentially intrusive operation.
  • [COMMAND_EXECUTION]: Multiple scripts use subprocess.run to execute shell commands, including git, pip, tasklist, and pgrep, as well as self-invoking other Python scripts in the project.
  • [DATA_EXFILTRATION]: The skill is designed to read and process highly sensitive personal data from local WeChat SQLite databases (contact.db, message_*.db). These files contain private chat histories, contact lists, and personal identifiers.
  • [PROMPT_INJECTION]: The skill is vulnerable to indirect prompt injection. It ingests untrusted chat messages from WeChat groups, performs minimal sanitization (truncation and whitespace collapsing), and interpolates this data directly into the AI context via ai_prompt.md. Maliciously crafted chat messages could potentially influence the AI's behavior or cause it to leak information.
  • [COMMAND_EXECUTION]: The documentation and scripts indicate that the database scanner may require administrative or root privileges to function on certain operating systems (macOS), which increases the potential impact of any malicious code within the downloaded dependencies.
Recommendations
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jun 24, 2026, 07:37 AM
Security Audit — agent-trust-hub — wechat-daily-report