wechatpay-payment-integration
Pass
Audited by Gen Agent Trust Hub on Jul 6, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill manages a local knowledge base using a Python script (
wechatpay-docs-sync.py) that synchronizes documentation by downloading a ZIP archive fromhttps://wx.gtimg.com/resource/wechatpay_api/wechatpay-docs.zip. This domain is an official resource host for Tencent services. - [COMMAND_EXECUTION]: For the 'APIv3 Dynamic Troubleshooting' capability, the agent is instructed to execute shell commands using the
wechatpay-dev-cliutility. This allows the agent to interact with payment APIs for diagnostic purposes (listing endpoints, building payloads, and performing queries). - [EXTERNAL_DOWNLOADS]: The instructions recommend the installation of the
@tenpay/wechatpay-dev-clipackage from the public NPM registry. This package is an official tool provided by the payment platform vendor. - [SAFE]: The skill implements a secure 'Local Signing' workflow. Instead of requesting sensitive API certificates or private keys, it provides the user with helper scripts (
extract_and_sign.shandextract_and_sign.ps1) to run on their own hardware. The agent only processes the final signature result, ensuring that private keys and P12 passwords remain strictly on the user's local system.
Audit Metadata