Skills
skills/tentacle-pro/skills/tentacle-post2wechat/Gen Agent Trust Hub

tentacle-post2wechat

Pass

Audited by Gen Agent Trust Hub on Mar 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONDATA_EXFILTRATIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script uses spawnSync to execute a local image compression tool (baoyu-compress-image/scripts/main.ts) using the Bun runtime. This is an internal dependency used for optimizing assets before upload.
  • [DATA_EXFILTRATION]: The skill transmits the contents of local HTML files and images to api.tentacle.pro. This network operation is necessary for the skill's primary function of publishing drafts to WeChat and targets the official vendor API.
  • [EXTERNAL_DOWNLOADS]: The skill interacts with the external endpoint api.tentacle.pro to upload media and article metadata. These interactions are authenticated using an API_KEY loaded from environment variables.
  • [SAFE]: The skill follows secure practices for credential management by loading the API_KEY from a .env file or environment variables rather than hardcoding secrets in the source code.
Audit Metadata
Risk Level
SAFE
Analyzed
Mar 30, 2026, 12:07 AM
Security Audit — agent-trust-hub — tentacle-post2wechat