WeChat Mini Program → uni-app + Vue3 + TypeScript Conversion

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This is a coherent project-conversion skill that reads a WeChat Mini Program and writes a uni-app/Vue/TypeScript output project, with manageable filesystem-write cautions.

Install this only if you want an agent to inspect a WeChat Mini Program source tree and generate many converted files. Provide an explicit fresh output folder, avoid pointing it at an existing project directory, and review generated code and dependencies before running the converted app.

SkillSpector (2)

By NVIDIA

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The trigger conditions are broad enough to activate on generic analysis, migration, or code-generation requests that may fall outside the user's intended scope. That can cause the agent to overtake unrelated tasks and initiate invasive project-wide actions, including code transformation and file generation, on loosely matched prompts.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The skill directs the agent to write a full converted project to disk without requiring overwrite checks, dry-run behavior, or explicit confirmation of the destination. In practice, this can lead to destructive bulk file creation or replacement in user-controlled paths, especially when the output directory is adjacent to the source or ambiguously specified.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal