canghe-post-to-wechat

Fail

Audited by Socket on Mar 18, 2026

1 alert found:

Malware
MalwareHIGH
SKILL.md

SUSPICIOUS: overall coherent with a WeChat publishing skill, and the main data flows go to official WeChat services. Risk comes from transitive skill installation, remote Bun installer guidance, plaintext credential storage, and browser automation with profile/clipboard access; these are proportionate but broaden trust and execution scope.

Confidence: 82%Severity: 58%
Audit Metadata
Analyzed At
Mar 18, 2026, 04:51 PM
Package URL
pkg:socket/skills-sh/freestylefly%2Fcanghe-skills%2Fcanghe-post-to-wechat%2F@271d5f55a67ea209eca61993f932c4a612de3c48
Security Audit — socket — canghe-post-to-wechat