Skills
skills/stvlynn/qclaw-skills/wecom-msg/Socket

wecom-msg

Warn

Audited by Socket on Mar 21, 2026

1 alert found:

Security
SecurityMEDIUM
SKILL.md

该技能的功能与“查看/发送企业微信消息”目的基本一致,且发送前确认是正向控制;但它依赖不可公开验证的内部 MCP/技能链,且会处理敏感聊天数据并执行真实消息发送。整体更像内部业务自动化技能而非明显恶意内容,但因供应链不可核验和数据流不透明,应判定为可疑而非完全可信。

Confidence: 84%Severity: 72%
Audit Metadata
Analyzed At
Mar 21, 2026, 04:46 PM
Package URL
pkg:socket/skills-sh/stvlynn%2Fqclaw-skills%2Fwecom-msg%2F@1032735b3ef9693bdb3423ccf54364677b71e560
Security Audit — socket — wecom-msg