Skills
skills/jimliu/baoyu-skills/baoyu-post-to-wechat/Gen Agent Trust Hub

baoyu-post-to-wechat

Pass

Audited by Gen Agent Trust Hub on May 11, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATION
Full Analysis
  • [COMMAND_EXECUTION]: The skill uses child_process.spawnSync and spawn to execute cross-platform system utilities for clipboard management and keystroke simulation. This includes osascript on macOS, powershell.exe on Windows, and xdotool/ydotool on Linux.
  • [COMMAND_EXECUTION]: The skill executes local TypeScript scripts using the bun runtime and interacts with the agent-browser CLI for automated browser interactions.
  • [COMMAND_EXECUTION]: On macOS, the skill dynamically generates and executes a temporary Swift script to handle rich-text and image data on the system clipboard.
  • [EXTERNAL_DOWNLOADS]: The publishing workflow in scripts/wechat-api.ts can fetch images from remote URLs provided in the article content for upload to WeChat servers.
  • [DATA_EXFILTRATION]: The skill manages WeChat API credentials (APP_ID and APP_SECRET) and transmits article content to the official WeChat API endpoints (api.weixin.qq.com) and management platform (mp.weixin.qq.com).
Audit Metadata
Risk Level
SAFE
Analyzed
May 11, 2026, 11:54 PM