weixin-article-to-obsidian-cn

Pass

Audited by Gen Agent Trust Hub on Jun 30, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/download_weixin_article.py utilizes subprocess.run to call the opencli command if it is installed on the system. This external tool is used to help download and convert article content. The script passes arguments as a list rather than a shell string, which prevents command injection vulnerabilities.
  • [EXTERNAL_DOWNLOADS]: The skill performs network requests to mp.weixin.qq.com and WeChat's image CDN (mmbiz.qpic.cn) using the urllib.request library. These operations are essential for its primary function of archiving articles and are restricted to the domains relevant to the skill's stated purpose.
  • [SAFE]: The skill implements a security check using Path.relative_to to ensure that the target directory for saving Markdown files remains within the specified Obsidian vault root. This prevents path traversal attacks that could otherwise allow writing files to arbitrary locations on the system.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 30, 2026, 03:17 PM
Security Audit — agent-trust-hub — weixin-article-to-obsidian-cn