baoyu-post-to-wechat

Possible hardcoded credential

scripts/wechat-article.ts · prose · downgraded · token=')); const wechatTab = loggedInTab || allTargets.targetInfos.find(t

References child_process — can spawn system processes

scripts/cdp.ts · prose · downgraded · child_process

Uses spawn() — can execute external programs

scripts/copy-to-clipboard.ts · prose · downgraded · spawn(

HTTP request to bare IP address — common in malicious payloads

scripts/vendor/baoyu-chrome-cdp/src/index.ts · prose · downgraded · http://127.0.0.1

Raw socket connection — low-level network access

scripts/vendor/baoyu-chrome-cdp/src/index.ts · prose · downgraded · socket.connect(

Uses exec() — may execute shell commands

scripts/vendor/baoyu-md/src/extensions/alert.ts · prose · downgraded · exec(

Dynamic import() — loads module at runtime

scripts/vendor/baoyu-md/src/extensions/infographic.ts · prose · downgraded · import('

References agent configuration files

SKILL.md · prose · downgraded · CLAUDE.md

Opens WebSocket connection

scripts/vendor/baoyu-chrome-cdp/src/index.ts · prose · downgraded · WebSocket

String.fromCharCode — can build strings to evade detection

scripts/vendor/baoyu-md/src/extensions/plantuml.ts · prose · downgraded · String.fromCharCode

Base64 encode (btoa) — may obfuscate data exfiltration

scripts/vendor/baoyu-md/src/extensions/plantuml.ts · prose · downgraded · btoa(

Popular HTTP library — network access

scripts/wechat-article.ts · prose · downgraded · got

Accesses sensitive environment variables

scripts/wechat-extend-config.ts · prose · downgraded · process.env.WECHAT_APP_SECRET