Skills
skills/stvlynn/qclaw-skills/wecom-contact-lookup/Socket

wecom-contact-lookup

Warn

Audited by Socket on Mar 21, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

该技能的业务目的与联系人查询能力基本一致,但其核心依赖 `wecom_mcp` 与 `wecom-preflight` 的来源、发布者关系、安装方式和实际网络终点均未验证。未发现明确恶意窃取或欺骗指令,但存在显著的供应链与转移信任风险,应判定为 SUSPICIOUS。

Confidence: 87%Severity: 82%
Audit Metadata
Analyzed At
Mar 21, 2026, 04:46 PM
Package URL
pkg:socket/skills-sh/stvlynn%2Fqclaw-skills%2Fwecom-contact-lookup%2F@6939aa117a273155179da0d4f3e60f5f3fe2a252
Security Audit — socket — wecom-contact-lookup