baoyu-post-to-wechat

Pass

Audited by Gen Agent Trust Hub on May 21, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [COMMAND_EXECUTION]: The skill utilizes platform-specific system utilities (osascript on macOS, powershell.exe on Windows, and xdotool/ydotool on Linux) to automate desktop interactions such as keystrokes and system clipboard management for the browser-based publishing workflow.\n- [COMMAND_EXECUTION]: Browser automation is implemented using the Chrome DevTools Protocol (CDP) and the agent-browser CLI, which involve evaluating JavaScript within the browser context to interact with the WeChat Official Account editor interface.\n- [EXTERNAL_DOWNLOADS]: The publishing scripts can fetch and download images from remote URLs specified in the user's content to prepare them for upload to the WeChat platform.\n- [COMMAND_EXECUTION]: For specialized clipboard operations on macOS, the skill dynamically generates and executes temporary Swift scripts to handle image data transfers accurately.
Audit Metadata
Risk Level
SAFE
Analyzed
May 21, 2026, 07:45 AM
Security Audit — agent-trust-hub — baoyu-post-to-wechat