wechat

Warn

Audited by Socket on May 22, 2026

2 alerts found:

Securityx2
SecurityMEDIUM
SKILL.md

SUSPICIOUS. The skill is broadly aligned with its stated WeChat automation purpose, but it has a large invasive footprint: pipe-to-shell installation of standalone binaries, extraction/storage of WeChat DB keys, arbitrary message sending, shell handlers on inbound content, and optional remote tunnel/webhook exposure. The documentation's '100% local' claim is inconsistent with its documented remote modes. This looks more like a high-risk desktop automation/integration tool than confirmed malware.

Confidence: 87%Severity: 81%
SecurityMEDIUM
docs/install.md

No malicious code is shown in the provided fragment (it is a README-style guide), so malware presence cannot be confirmed from this text alone. However, it documents a high-risk supply-chain and privilege model: installing via `curl ... | bash`, creating persistent LaunchAgent auto-start, requiring macOS Accessibility privileges, and extracting/storing SQLCipher key material locally. These factors significantly increase potential impact if the installer or binaries are compromised. Review/audit the actual installer and binaries for integrity verification, persistence behavior, network destinations, and how key material and logs are protected (permissions and exfiltration safeguards).

Confidence: 56%Severity: 70%
Audit Metadata
Analyzed At
May 22, 2026, 12:49 AM
Package URL
pkg:socket/skills-sh/leeguooooo%2Fwechat-skill%2Fwechat%2F@cc13e1db25248c140f05c7794780d28df2a19beb
Security Audit — socket — wechat