wechat-2d-render
Audited by Socket on Apr 27, 2026
2 alerts found:
Anomaly x2
No direct malware behaviors (credential theft/exfiltration/backdoor primitives) are evident in this bash wrapper itself. However, it is a high-sensitivity supply-chain execution harness: it clones or updates a remote repository from a default branch without pinning/signature/integrity verification, installs dependencies via pnpm (which can run lifecycle code), and executes repo-defined scripts (remotion:ensure-browser and remotion:render) with caller-provided props and output paths. If the remote repo or its dependencies are compromised, arbitrary code execution and unintended data/file/network actions are plausible.
SUSPICIOUS: the skill's purpose and capabilities are broadly aligned, but it instructs the agent to clone an unpinned third-party GitHub repo, install dependencies, and execute project scripts from the moving default branch. That is a real supply-chain risk, though there is no clear credential theft, covert behavior, or incompatible data exfiltration.