Trust Assessment
wecom received a trust score of 91/100, placing it in the Trusted category. This skill has passed all critical security checks and demonstrates strong security practices.
SkillShield's automated analysis identified 3 findings: 0 critical, 0 high, 1 medium, and 1 low severity. Key findings include "Unpinned npm dependency version", "Reliance on 'npx ts-node' for skill execution", and "Potential for external resource loading via markdown content".
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, and LLM Behavioral Safety. All layers scored 70 or above, reflecting consistent security practices.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Security Findings (3)
| Severity | Finding | Layer | Location |
|---|---|---|---|
| MEDIUM | Unpinned npm dependency version: Dependency '@modelcontextprotocol/sdk' is not pinned to an exact version ('^1.0.0'). Pin dependencies to exact versions to reduce drift and supply-chain risk. | Dependencies | skills/qidu/wecom/package.json |
| LOW | Reliance on 'npx ts-node' for skill execution: The 'mcp.command' in skill.json uses 'npx ts-node src/index.ts' to run the skill. While 'ts-node' is a legitimate tool, 'npx' resolves and executes packages at runtime, potentially downloading them if not locally present. This introduces a dependency on the 'npx' resolution mechanism and the integrity of the 'ts-node' package at the time of execution, which can be a supply chain risk if a malicious package were to masquerade as 'ts-node' or if 'npx' itself were compromised. The 'package.json' lists 'ts-node' as a devDependency, and the 'start' script uses 'node dist/index.js', suggesting the compiled JavaScript is the intended production runtime. Consider using the compiled JavaScript for the 'mcp.command' (e.g., 'node dist/index.js') to ensure a more controlled execution environment and reduce reliance on runtime package resolution by 'npx'. If 'ts-node' is required, ensure it's a direct, pinned dependency. | LLM | skill.json:19 |
| INFO | Potential for external resource loading via markdown content: The `send_wecom_markdown` tool directly passes user-provided `content` to the WeCom webhook. WeCom markdown supports embedding external resources like images (`<img src="url" />`) and links (`<a href="url">text</a>`). If an attacker can control the `content` provided to this tool, they could embed malicious URLs, tracking pixels, or phishing links into messages sent to WeCom users. While this is a feature of WeCom's markdown and not a direct vulnerability in the skill's execution, the skill acts as a conduit for potentially harmful content if misused. Educate users about the risks of embedding untrusted content in markdown messages. If the skill is exposed to untrusted external input, consider implementing content sanitization or validation for markdown content to restrict potentially harmful tags or attributes (e.g., `src` attributes pointing to untrusted domains) before sending it to WeCom. | LLM | src/index.ts:90 |