ClawAudit verdict
yq-weixin-connect
Reads local files AND makes external network calls
Personal WeChat connection skill that installs a Tencent-published npm package and calls the official ilinkai.weixin.qq.com endpoint to obtain a QR code for login; all operations are attributed to documented Tencent APIs.
Automated static analysis — not a human review. ClawAudit flags capabilities, not confirmed intent, and can produce false positives. Disagree with this verdict? Use Dispute below.
What it does
These are capability combinations: each listed behavior occurs in the skill, but ClawAudit detects co-occurrence — it does not verify that one flows into another. Read the code to confirm a live chain.
Reads local files AND makes external network calls — the capabilities for data exfiltration co-occur (data-flow not verified)
LLM02 · LLM06 · ASI03
Accesses credentials AND writes files — may persist stolen credentials locally
LLM02 · LLM06 · ASI03
Both reads and writes files — verify scope is limited to intended directories
LLM06 · ASI02
Permission integrity
network_out
file_read+write
package_install
Findings (4)
Recursive delete from root or home — destructive command
SKILL.md · code · rm -rf ~
Possible hardcoded credential
SKILL.md · code · token: '<bot_token>
Long base64 string (100+ chars) — likely obfuscated payload
SKILL.md · frontmatter · 3045022066f0177a83396e1fdb740c805c1a818a1536243f3983c7d21bcf93fee2c23ef402210080
Uses exec() — may execute shell commands
SKILL.md · prose · downgraded · exec(
Permissions & capabilities
No declared permissions — minimal attack surface.
package_installnetwork_outfile_readfile_writecredential_access Thanks — recorded.