wx-cli-wechat-local-data

SUSPICIOUS: the skill’s core capability—local WeChat data extraction via memory scanning—is broadly aligned with its stated purpose, but the overall footprint is high-risk. It combines privileged memory access, decrypted local caching, invasive macOS security changes, raw remote installers, and a transitive skill-install step. The biggest concern is install/execution trust: the skill is published by ara.so while directing users to install and trust code from jackwener via npm, GitHub raw scripts, and skill registry commands.