baoyu-post-to-wechat

Fail

Audited by Socket on May 21, 2026

2 alerts found:

Alert types: Anomaly, Malware

Anomaly (LOW)
scripts/wechat-agent-browser.ts

This code is a legitimate-appearing, purpose-built WeChat editor automation tool, but it performs high-privilege operations: it executes JavaScript in the automated browser context via eval-like commands and includes a sensitive fallback that reads local files using fetch('file://...') and uploads them. No explicit credential theft, persistence, or obvious malicious network behavior is present in this module; however, the eval capability and local-file-to-browser fallback make the supply-chain security risk meaningfully elevated and dependent on the safety of the agent-browser binary and runtime trust model.

Confidence: 62%, Severity: 63%

Malware (HIGH)
scripts/wechat-article.ts

This module contains a clear high-risk behavior: it attempts to exfiltrate the WeChat login QR code to Telegram using bot token/chat id from environment variables. It also fetches the QR image URL with browser credentials included, potentially accessing credential-protected resources. While the rest of the code is primarily UI automation for posting, the QR-to-Telegram path is strongly indicative of credential/2FA artifact theft or at least unauthorized tracking/exfiltration. Additional risk may exist in imported local modules, but from this file alone the Telegram QR exfiltration is the key malicious/sabotage signal.

Confidence: 82%, Severity: 90%

Audit Metadata
Analyzed At: May 21, 2026, 07:47 AM
Package URL: pkg:socket/skills-sh/yelban%2Fbaoyu-skills.TW%2Fbaoyu-post-to-wechat%2F@4cd044072aa1eeccdfb2472dd4cec2977fcd27b5