wechat-use

Fail

Audited by Snyk on Jul 1, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). Most links point to legitimate npm registry packages and GitHub project pages (low risk), but the presence of a raw GitHub install.sh (curl | bash), direct GitHub release/download placeholders, and personal-hosted endpoints (and template/placeholder tunnel URLs) are higher-risk distribution vectors that could be abused to deliver arbitrary binaries or scripts—so treat these as potentially unsafe until you verify the repository and inspect the installer script and binaries.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.85). Runtime LLM context can be fed by outsider-authored free text from WeChat inbound messages (other participants’ chat content) via the wechat-use listen / wechat-bridge /messages/stream SSE path, which emits body/refer.content/urlLink.title derived from those messages.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The SKILL instructs agents to run a remote installer via curl and pipe to bash (curl -fsSL https://raw.githubusercontent.com/leeguooooo/wechat-use/main/install.sh | bash), which fetches and executes remote code at runtime and is presented as the required install/upgrade path for the CLI, so it is a high-confidence runtime-executed external dependency.

Issues (3)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W012
MEDIUM

Unverifiable external dependency detected (runtime URL that controls agent).

Audit Metadata
Risk Level
CRITICAL
Analyzed
Jul 1, 2026, 06:30 PM
Issues
3
Security Audit — snyk — wechat-use