Wechat Allauto Gzh

What to check before installing or enabling this skill: - Clarify credentials: the registry declares no required env vars but SKILL.md requires WECHAT_APP_ID and WECHAT_APP_SECRET (and optionally TAVILY_API_KEY). Do not provide production WeChat AppSecret — use a disposable/test account with minimal privileges. - Inspect network-capable scripts: review scripts/push_draft.py, scripts/update_draft.py, upload_to_github.py and any file that performs HTTP requests for unexpected endpoints or hardcoded tokens. Look for any POSTs not aimed at official WeChat endpoints. - Review local/system probing: cron_detector.py and the SKILL instructions instruct checking crontab, systemd timers, and environment variables. Decide whether you are comfortable with the skill reading system scheduling and config; run in a sandbox first. - Examine cleanup and upload helpers: cleanup.py deletes local draft/cache paths; upload_to_github.py can push to remote repos — ensure these are safe and you understand where they point. - Run in a restricted environment first: run the repository in an isolated container or VM, inspect network traffic, and only then give credentials. If possible, rotate/revoke test credentials after use. - Prefer manual approval: since the skill can autonomously perform push operations and file I/O, avoid enabling autonomous runs until you confirm the code and configuration. If you want, I can list the exact places in the code where network calls, crontab/systemd checks, or credential reads occur (e.g., lines in push_draft.py, cron_detector.py) so you can review them in detail.