Trust Assessment
wechat-publisher received a trust score of 45/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 4 findings: 1 critical, 1 high, 2 medium, and 0 low severity. Key findings include "Persistence / self-modification instructions", "Persistence mechanism: Shell RC file modification", and "Potential Command Injection via `publish.sh` script".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 14, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (4)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions. Shell RC file modification for persistence. Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/getmolty/wechat-publisherlc/SKILL.md:281 |
| HIGH | Potential Command Injection via `publish.sh` script. The skill's documentation instructs users to execute `./scripts/publish.sh` with a user-provided Markdown file path (e.g., `./scripts/publish.sh /path/to/article.md`). If the `publish.sh` script does not properly sanitize this input path, a malicious user could inject arbitrary shell commands by crafting a specially named file or path. For instance, a path like `/path/to/article.md; rm -rf /` could lead to unintended command execution. The `publish.sh` script must rigorously sanitize all user-provided arguments before execution. Ensure arguments are properly quoted (e.g., `"$1"`) and consider using functions like `realpath` or `basename` to restrict path manipulation. Ideally, avoid direct shell execution of user-controlled strings. | LLM | SKILL.md:80 |
| MEDIUM | Persistence mechanism: Shell RC file modification. Detected Shell RC file modification pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/getmolty/wechat-publisherlc/SKILL.md:281 |
| MEDIUM | Automatic global `npm` package installation by script. The documentation states that the `publish.sh` script "automatically detects and installs wenyan-cli (if not installed)" using `npm install -g @wenyan-md/cli`. Automatically installing global packages via a script introduces a supply chain risk. If the `wenyan-md/cli` package or the npm registry were compromised, the skill could inadvertently install malicious software with global permissions on the user's system without explicit user confirmation for that specific action. Avoid automatic global package installations. Instead, instruct the user to manually install dependencies or use a sandboxed environment (e.g., `npx`, Docker, or local `node_modules` installation) to manage dependencies. If global installation is deemed necessary, provide clear warnings and verification steps to the user. | LLM | SKILL.md:43 |