laohan-xiazai
Fail
Audited by Snyk on Jun 14, 2026
Risk Level: CRITICAL
Full Analysis
CRITICAL E005: Suspicious download URL detected in skill instructions.
- Suspicious download URL detected (high risk: 1.00). While most URLs are benign content/APIs (WeChat, TikTok/Douyin links, tikwm, r.jina.ai), the GitHub release and repo by "hanzhcn" explicitly distribute DMG/EXE binaries and an MITM proxy that requires installing a custom CA—personal GitHub releases and installers plus instructions to install a root certificate are high-risk and could be used to distribute malware.
CRITICAL E006: Malicious code pattern detected in skill scripts.
- Malicious code pattern detected (high risk: 0.90). The skill document contains multiple high-risk, abuse-enabling patterns — notably instructions to install a system CA and run a local MITM proxy that decrypts HTTPS traffic, guidance to take over a logged-in Chrome session (CDP/Browser Bridge) which accesses cookies/session state, distribution of prebuilt binaries via releases, and explicit techniques to bypass platform protections (watermarks, safety checks) and automate bulk downloads — all of which can be used for credential theft, traffic interception, unauthorized access, and supply-chain abuse.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
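- Third-party content exposure detected (high risk: 0.85). At runtime, the skill uses curl -sL "https://r.jina.ai/<url>", agent-reach/web-content-fetcher, and each platform's opencli .../Scrapling/MCP to fetch the readable text of "external web pages/social platform content" and inject it into the agent context (free-text sources from public web pages and third-party platforms).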
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill directs users to download and run a prebuilt binary from https://github.com/hanzhcn/laohan-skills/releases/tag/v1.1.0 (weixin-video-download DMG/EXE) which is fetched and executed at runtime as a required MITM proxy dependency for WeChat 视频号 downloads.
Issues (4)
- E005 (CRITICAL): Suspicious download URL detected in skill instructions.
- E006 (CRITICAL): Malicious code pattern detected in skill scripts.
- W011 (MEDIUM): Third-party content exposure detected (indirect prompt injection risk).
- W012 (MEDIUM): Unverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata