Skills
skills/guanyang/antigravity-skills/baoyu-post-to-wechat/Gen Agent Trust Hub

baoyu-post-to-wechat

Pass

Audited by Gen Agent Trust Hub on May 25, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses system-level utilities to manage the clipboard and simulate keystrokes across different platforms.
  • On macOS, it uses osascript and dynamically compiled Swift scripts to handle rich text and images in the clipboard.
  • On Linux, it attempts to use xclip, xdotool, or ydotool for similar purposes.
  • On Windows, it utilizes PowerShell's SendKeys and Clipboard classes.
  • [EXTERNAL_DOWNLOADS]: The skill makes network requests to external services to fulfill its primary duties.
  • It communicates with the WeChat Official Account API at api.weixin.qq.com for token management and content publishing.
  • It can optionally send login QR codes to the Telegram Bot API (api.telegram.org) for remote authentication.
  • [COMMAND_EXECUTION]: The skill automates web browser interactions using the Chrome DevTools Protocol (CDP).
  • It launches Chrome or Edge with specific flags to bypass automation detection and manages isolated browser profiles.
  • It uses Runtime.evaluate to execute JavaScript within the WeChat editor page to fill forms and handle uploads.
Audit Metadata
Risk Level
SAFE
Analyzed
May 25, 2026, 05:38 AM
Security Audit — agent-trust-hub — baoyu-post-to-wechat