WeChat Studio

What to consider before installing/running: - Inspect the shipped server.py and frontend code before running. Look for network calls (requests, urllib, fetch, axios, sockets), any base64 decode/exec behavior, or code that reads system paths or environment variables. - The skill's docs and previews reference MD2WECHAT_API_KEY and an image provider (openai via https://new.suxi.ai). Even though the skill metadata lists no required env vars, the code likely expects API keys — do not supply high‑privilege credentials (AWS, personal OpenAI keys, etc.) without reviewing the code and limiting token scope. - The SKILL.md suggests obtaining an 'SK' from job.suxi.ai and entering it into the UI; that is an external third‑party service. Be cautious about giving any tokens or secrets to third parties and prefer test/least-privilege tokens. - Run the server in an isolated environment (container or VM) and with a non-privileged user. Monitor outbound network connections during initial runs to detect unexpected exfiltration attempts. - Because code is bundled, prefer to read the full server.py for any hardcoded endpoints, logging or telemetry, and check templates for absolute paths or leaked local info (the previews show /Users/Abigale/...). If you are not comfortable auditing the code, avoid running it on sensitive hosts. - If you plan to use external APIs, create separate limited-scope API keys for this tool and revoke them after testing. Confidence notes: I flagged inconsistencies between declared metadata (no env vars) and the runtime files (which reference API keys/third-party endpoints) and a prompt-injection signal was found. I did not perform a full dynamic analysis of server.py; reviewing that file for outbound calls and decoding logic would raise confidence one way or another.