wechat-cli

Fail

Audited by Snyk on Apr 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). These URLs point to a personal GitHub repo offering a direct download of an ad‑hoc signed native executable (wechat-cli) from an individual account of unclear reputation, with instructions to bypass macOS quarantine and a tool that attaches a debugger and writes process memory—behavior that is inherently high-risk and could be used to distribute malware or perform unwanted code execution.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 0.90). The skill's installer and README instruct fetching and installing an ad-hoc signed executable from https://github.com/leeguooooo/wechat-skill/releases/latest/download/wechat-cli (via curl) which is downloaded and then executed as a required runtime dependency, so the URL supplies remote executable code the skill depends on.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.90). The skill instructs installing a binary into /usr/local/bin, removing macOS quarantine attributes, and using LLDB to attach to and overwrite another process's memory (plus caching state files), which actively modifies system/app state and bypasses platform security controls.

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 19, 2026, 06:48 PM
Issues
3
Security Audit — snyk — wechat-cli