Audited by Socket on May 22, 2026
2 alerts found:
Securityx2SUSPICIOUS. The skill is broadly aligned with its stated WeChat automation purpose, but it has a large invasive footprint: pipe-to-shell installation of standalone binaries, extraction/storage of WeChat DB keys, arbitrary message sending, shell handlers on inbound content, and optional remote tunnel/webhook exposure. The documentation's '100% local' claim is inconsistent with its documented remote modes. This looks more like a high-risk desktop automation/integration tool than confirmed malware.
No malicious code is shown in the provided fragment (it is a README-style guide), so malware presence cannot be confirmed from this text alone. However, it documents a high-risk supply-chain and privilege model: installing via `curl ... | bash`, creating persistent LaunchAgent auto-start, requiring macOS Accessibility privileges, and extracting/storing SQLCipher key material locally. These factors significantly increase potential impact if the installer or binaries are compromised. Review/audit the actual installer and binaries for integrity verification, persistence behavior, network destinations, and how key material and logs are protected (permissions and exfiltration safeguards).