wechat-new-tool

The skill bundle contains hardcoded sensitive credentials (WECHAT_APPID and WECHAT_TOKEN) within the wechat.yaml file, which is a significant security risk. Furthermore, wechat_bridge.js routes all WeChat interaction data, including contact lists and message content, to an external third-party endpoint (dashboard.synodeai.com), which poses privacy and data exposure risks despite being aligned with the tool's stated purpose.