yy-post-to-wx
Pass
Audited by Gen Agent Trust Hub on Apr 20, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill makes HTTPS requests to the official WeChat API domain (api.weixin.qq.com) to obtain access tokens and upload article content. This behavior is necessary and appropriate for its stated functionality.
- [COMMAND_EXECUTION]: The script functions as a local CLI tool that reads user-specified Markdown and HTML files, processes them for WeChat compatibility, and handles configuration stored in the .baoyu-skills directory.
- [SAFE]: No malicious patterns such as prompt injection, credential exfiltration to unauthorized domains, obfuscation, or persistence mechanisms were detected during the analysis.
Audit Metadata