✓ Purpose & Capability
Name/description match the provided assets: extensive docs, language-specific sample code, and diagnostic scripts for WeChat Pay integration (payments, refunds, bills, profit-sharing, onboarding). The included files are exactly what a payments integration help skill would reasonably contain.
ℹ Instruction Scope
SKILL.md is prescriptive and narrowly scoped: it requires explicit user consent before collecting parameters, forbids writing files to the user's project, and instructs that scripts be run on the user's own servers (signing is done locally). One ambiguity: several places say the agent will 'execute the corresponding query scripts' when offering to help, while the skill also states that scripts should be run on the user's server and that private keys must not be shared. The two statements are consistent, but they rely on the agent and user following the 'do not transmit private keys' rule; the user should verify that the agent will not request or accept private keys or other secrets.
✓ Install Mechanism
No install spec — instruction-only skill with bundled docs and example code. Nothing is downloaded from arbitrary URLs at install time. The only external asset in the content is a GitHub raw URL for a QR image (commons host).
✓ Credentials
The skill does not request environment variables, binaries, or credentials in its registry metadata. SKILL.md explicitly prohibits acquiring merchant private keys and requires the user to perform signing locally and only pass back Base64 signature values, timestamps, and nonces — which is proportionate to diagnostic scripts that need signed requests.
✓ Persistence & Privilege
The manifest sets always:false and declares no install steps. The skill does not request persistent privileges or system-wide configuration changes, and it does not declare the ability to auto-enable itself or modify other skills.
Scan Findings in Context
[base64-block] expected: SKILL.md instructs users to provide Base64-encoded signatures (scripts use '签名值(Base64)'), which is expected for a signing workflow. The scanner flagged a 'base64-block' pattern but in context this appears to be legitimate usage (signed payloads) rather than prompt-injection. Still, treat any pasted Base64 blobs as sensitive since they may represent signed tokens/credentials.
Assessment
This skill is internally coherent for WeChat Pay guidance: it bundles official-style docs, many language sample files, and helper scripts. Before installing or using it:
- Review bundled sample code (especially scripts) for hard-coded secrets, test credentials, or insecure practices before copying into production.
- Never paste or transmit your private API key or private certificate to the agent. Follow the skill's recommended flow: perform signing on your own server and only share the minimal signature output (Base64 signature, timestamp, nonce) if needed.
- When the skill offers to 'run' diagnostic scripts, confirm whether it means you should run them locally — do not allow the agent to run commands on your environment or to upload your private keys.
- If you plan to use any examples in production, rotate any test credentials, run static analysis on the code, and test in a sandbox merchant account first.
If you want, I can (a) scan the bundled code files for obvious hard-coded credentials and risky patterns, or (b) point out exactly which files to inspect first (e.g., scripts/商户/*.py and any 'utility' files that might load keys).