lovstudio-wxmp-cracker

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill contains intentionally encrypted/obfuscated payloads (SKILL.md and runnable scripts) that must be decrypted on-demand by an external helper (uvx/lovstudio-skill-helper), includes functionality around obtaining/refreshing login state/tokens (refresh_token.py), and enforces online decryption each run — together these are strong indicators of deliberate obfuscation and remote-activation behavior that enable credential theft, hidden data exfiltration, remote code execution or supply-chain/backdoor abuse.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 0.90). This skill's SKILL.md explicitly instructs crawling and scraping WeChat public account articles from mp.weixin.qq.com (public, user-generated content) which the agent ingests and processes as part of its workflow, so third-party article content could indirectly inject instructions and influence tool actions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 0.90). The skill requires running "uvx lovstudio-skill-helper decrypt wxmp-cracker", which the SKILL.md explicitly says does "one HTTP round-trip" to Lovstudio (https://lovstudio.ai) at runtime to fetch the actual SKILL.md that directly controls the agent's instructions and is a required dependency.