wechat-cli

Warn

Audited by Socket on Apr 19, 2026

3 alerts found:

Anomaly x2, Security

Anomaly LOW
README.md

No malicious logic is directly evidenced in the provided documentation-only fragment. The primary security concern is auditability and supply-chain trust: an opaque prebuilt CLI binary is downloaded and installed (with quarantine removal) and then executed with macOS Accessibility permissions to automate WeChat UI actions. Further verification is required (e.g., binary provenance/signature trust evaluation, checksum pinning, sandboxing/dynamic analysis, and review of any referenced `SKILL.md`/install-time artifacts) before treating it as safe.

Confidence: 52%, Severity: 66%

Anomaly LOW
install.sh

This fragment is a bootstrap installer that significantly increases supply-chain risk by downloading a moving 'latest' release binary from the network without any integrity/authenticity verification, installing it into a privileged execution path (often with sudo), and explicitly removing macOS quarantine to bypass standard user safety warnings. While the script itself contains no explicit malicious behavior beyond installation metadata changes, the trustworthiness of the upstream release artifact is critical and should be verified (e.g., pinned version + checksum/signature validation) before use.

Confidence: 72%, Severity: 68%

Security MEDIUM
SKILL.md

SUSPICIOUS. The stated purpose matches the capability, but the skill relies on a non-auditable personal-release binary, asks users to bypass macOS trust checks, and grants it powerful Accessibility/debugger control over WeChat. It also enables autonomous outbound messaging with reduced visibility. No direct credential harvesting or third-party API proxying is shown, but the install and execution model is high risk and disproportionate for most agent use.

Confidence: 87%, Severity: 84%

Audit Metadata

Analyzed At: Apr 19, 2026, 06:50 PM
Package URL: pkg:socket/skills-sh/leeguooooo%2Fwechat-skill%2Fwechat-cli%2F@b01434c515af68dba903b7f462b538f83aca70c0