wechat-auto-reply

The skill is classified as suspicious due to its reliance on powerful UI automation tools (`cliclick`, AppleScript's `System Events`) and screen content reading (OCR) for its functionality. While these capabilities are plausibly needed for automating WeChat, they grant extensive control over the user's desktop environment and can interact with other applications, posing a significant risk if the underlying skill code (not provided) were to be compromised or misused. The installation via a custom Homebrew tap also introduces a supply chain risk. There is no evidence of malicious prompt injection in `SKILL.md` or other clear malicious intent in the provided files.