baoyu-wechat-summary

SUSPICIOUS: the stated purpose matches the capabilities, but the skill relies on a third-party wx-cli binary with full access to local WeChat data and requires sandbox disabling from the outset. There is no clear malicious or exfiltration behavior in the skill text itself, yet the privacy and execution-trust footprint is substantial and should be treated as medium risk.