wechat-use

Fail

Audited by Gen Agent Trust Hub on Jul 1, 2026

Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFE
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The primary method for installing and upgrading the tool involves downloading a shell script from a personal GitHub repository (leeguooooo/wechat-use) and piping it directly into bash (curl -fsSL ... | bash). This is a classic untrusted execution pattern.
  • [EXTERNAL_DOWNLOADS]: The install.sh script downloads multiple compiled native binaries (wechat, wechatd, wechat-bridge, etc.) from GitHub Releases. These binaries are execution-critical but lack verifiable supply-chain security independent of the author's repository.
  • [COMMAND_EXECUTION]: The installation guide instructs users to run sudo codesign on the official WeChat.app to inject custom entitlements (get-task-allow). This modifications disables standard macOS security protections for the application to allow the tool to attach a debugger and extract keys.
  • [COMMAND_EXECUTION]: The skill sets up persistent execution by creating a LaunchAgent (ai.wechat.bridge.plist) in the user's ~/Library/LaunchAgents directory, ensuring the bridge service runs automatically on every login.
  • [COMMAND_EXECUTION]: The wechat-use listen functionality includes an --on-message parameter that allows the execution of arbitrary shell commands or scripts whenever a message is received, which could be abused if message content is processed unsafely.
  • [CREDENTIALS_UNSAFE]: The tool extracts and stores raw SQLCipher decryption keys for the WeChat databases in ~/.wx-rs/keys.json. Although the files are protected with restrictive filesystem permissions (0600), these keys provide full access to all archived message data if the user's account is compromised.
Recommendations
  • HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/leeguooooo/wechat-use/main/install.sh - DO NOT USE without thorough review
  • AI detected serious security threats
Audit Metadata
Risk Level
HIGH
Analyzed
Jul 1, 2026, 06:31 PM
Security Audit — agent-trust-hub — wechat-use