Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Baoyu Post To Wechat
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears designed to post to WeChat as advertised, but review it first because it can use official-account credentials or browser sessions, automatically trust project config, and drive your browser/clipboard.
Install only if you trust this publisher and need automated WeChat Official Account posting. Before running it, inspect any project/user EXTEND.md, keep AppSecrets out of shared repositories, confirm the target WeChat account and Chrome profile, and expect the skill to control Chrome, clipboard, and local commands during browser workflows.
Static analysis
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Dangerous exec
Critical
- Finding
- Shell command execution detected (child_process).
Env credential access
Critical
- Finding
- Environment variable access combined with network send.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
#
ASI03: Identity and Privilege Abuse
Medium
What this means
If the wrong credential or Chrome profile is used, content could be created under the wrong WeChat Official Account or sensitive account secrets could be exposed through local config handling.
Why it was flagged
WeChat AppSecret values and logged-in Chrome profiles can authorize actions as an Official Account, which is high-impact account authority.
Skill content
EXTEND.md supports managing multiple WeChat Official Accounts... each account can have its own credentials, Chrome profile... `app_id`, `app_secret`, `chrome_profile_path`
Recommendation
Store WeChat secrets outside project files where possible, avoid committing EXTEND.md with secrets, use a dedicated Chrome profile, and verify the selected account before posting.
#
ASI06: Memory and Context Poisoning
Medium
What this means
A stale or untrusted project config could silently change the publishing method, account, author, comment settings, or profile used by the skill.
Why it was flagged
Project or user EXTEND.md files are persistent context that can control account settings and may be applied automatically, including single-account auto-selection.
Skill content
Found | Read, parse, apply settings ... `accounts` with 1 entry | Auto-select, no prompt
Recommendation
Review `.baoyu-skills/baoyu-post-to-wechat/EXTEND.md` before use, especially in projects from others, and require an explicit account confirmation for publishing.
#
ASI02: Tool Misuse and Exploitation
Medium
What this means
If focus is wrong, clipboard contents could be pasted into another application, and the automation may interact with WeChat in ways users should explicitly approve.
Why it was flagged
The script can send real OS-level paste keystrokes to the active app and explicitly describes bypassing website detection of synthetic events.
Skill content
Send real paste keystroke (Cmd+V / Ctrl+V) to the frontmost application ... This bypasses CDP's synthetic events which websites can detect and ignore.
Recommendation
Use browser mode only when Chrome is clearly focused and the target page/account is visible; prefer safer API/draft workflows when possible.
#
ASI04: Agentic Supply Chain Vulnerabilities
Low
What this means
The first run may depend on the npm/npx supply chain rather than only local bundled files.
Why it was flagged
If Bun is not already installed, the documented fallback may fetch and run Bun via npx at runtime.
Skill content
Resolve `${BUN_X}` runtime: if `bun` installed → `bun`; if `npx` available → `npx -y bun`Recommendation
Install Bun from a trusted source in advance or review the runtime download path before using the skill.