wechat-use

Warn

Audited by Socket on Jul 7, 2026

3 alerts found:

SecurityAnomalyx2
SecurityMEDIUM
SKILL.md

SUSPICIOUS: the core WeChat automation purpose matches many capabilities, but the skill has a large and sensitive footprint: curl|bash installation of a native binary, local key extraction, message-history access, shell-triggered automation, and optional remote tunneling/webhooks. The strongest inconsistency is the repeated claim that everything stays local while the documented optional features clearly send data off-host.

Confidence: 88%Severity: 79%
AnomalyLOW
docs/install.md

No direct malicious code or explicit exfiltration/backdoor mechanics are shown in this documentation fragment. However, it describes a high-risk supply-chain installation approach (`curl ... | bash` from a remote script), persistence via LaunchAgent, and requesting powerful macOS Accessibility permissions—alongside extraction and local storage of sensitive WeChat SQLCipher keys. This combination creates a meaningful security review requirement (integrity pinning for installer/binaries, and verification of what data is accessed or transmitted by the omitted code).

Confidence: 55%Severity: 66%
AnomalyLOW
blog/wechat-version-adaptation.zh.md

No dependency source code is provided—only an editorial description. The described tool capabilities are security-critical: recovering SQLCipher decryption keys via runtime observation/breakpointing and decrypting WeChat’s local personal data, plus tampering with in-process message-routing to enable background message sending and interfering with hot-update behavior to keep instrumentation stable. Even without evidence of network exfiltration in the snippet, the privacy and integrity risks are high, and the described behavior is consistent with abusive/unauthorized-access tooling patterns if packaged or redistributed. Malware cannot be definitively confirmed without reviewing the actual repository/package implementation (especially to check for network, persistence, stealth, and distribution safeguards).

Confidence: 60%Severity: 68%
Audit Metadata
Analyzed At
Jul 7, 2026, 06:09 AM
Package URL
pkg:socket/skills-sh/leeguooooo%2Fwechat-skill%2Fwechat-use%2F@193c67dd8993b4669b03532746bf6cdb30118a5e
Security Audit — socket — wechat-use