wechat-use
Fail
Audited by Gen Agent Trust Hub on Jul 1, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The primary method for installing and upgrading the tool involves downloading a shell script from a personal GitHub repository (
leeguooooo/wechat-use) and piping it directly into bash (curl -fsSL ... | bash). This is a classic untrusted execution pattern. - [EXTERNAL_DOWNLOADS]: The
install.shscript downloads multiple compiled native binaries (wechat,wechatd,wechat-bridge, etc.) from GitHub Releases. These binaries are execution-critical but lack verifiable supply-chain security independent of the author's repository. - [COMMAND_EXECUTION]: The installation guide instructs users to run
sudo codesignon the officialWeChat.appto inject custom entitlements (get-task-allow). This modifications disables standard macOS security protections for the application to allow the tool to attach a debugger and extract keys. - [COMMAND_EXECUTION]: The skill sets up persistent execution by creating a LaunchAgent (
ai.wechat.bridge.plist) in the user's~/Library/LaunchAgentsdirectory, ensuring the bridge service runs automatically on every login. - [COMMAND_EXECUTION]: The
wechat-use listenfunctionality includes an--on-messageparameter that allows the execution of arbitrary shell commands or scripts whenever a message is received, which could be abused if message content is processed unsafely. - [CREDENTIALS_UNSAFE]: The tool extracts and stores raw SQLCipher decryption keys for the WeChat databases in
~/.wx-rs/keys.json. Although the files are protected with restrictive filesystem permissions (0600), these keys provide full access to all archived message data if the user's account is compromised.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/leeguooooo/wechat-use/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata