Skill Trust Decision
wechat_bridge
WeChat bridge skill contains hardcoded credentials in wechat.yaml and uses plaintext HTTP, creating credential exposure and MITM risks that are partially mitigated but not fully declared in SKILL.md.
Most direct threat evidence
High Credential Theft
Hardcoded credentials in wechat.yaml The wechat.yaml file contains plaintext WeChat API credentials (APPID and TOKEN). These should not be stored in configuration files that may be shared or committed to repositories.
wechat.yaml:2 Why this conclusion was reached
2/4 dimensions flagged Block
Declared vs actual capability
1 undeclared or violating capabilities were inferred.
Review
Hidden execution and egress
3 lower-risk artifacts were extracted and still need context.
Block
Attack chain and severe findings
The report includes 0 attack-chain steps and 2 severe findings.
Pass
Dependencies and supply chain hygiene
Dependencies are present but no obvious high-risk issue stands out.
What drove the risk score up
Hardcoded credentials in config file +20
wechat.yaml contains WECHAT_APPID and WECHAT_TOKEN in plaintext
Plaintext HTTP communication +15
BASE_URL uses http://dashboard.synodeai.com/ai allowing credential interception
Unauthenticated local endpoints +10
No authentication on /wechat/dispatch and /wechat/confirm_send endpoints
Most important evidence
High Credential Theft
Hardcoded credentials in wechat.yaml
The wechat.yaml file contains plaintext WeChat API credentials (APPID and TOKEN). These should not be stored in configuration files that may be shared or committed to repositories.
wechat.yaml:2 Remove hardcoded credentials. Use environment variables exclusively and document the required environment variables in SKILL.md.
High Sensitive Access
Plaintext HTTP communication exposes credentials
The BASE_URL is configured to use http:// instead of https://, meaning credentials are transmitted in plaintext over the network, vulnerable to MITM attacks.
wechat_bridge.js:10 Change to HTTPS: 'https://dashboard.synodeai.com/ai' and ensure the server supports TLS.
Medium Priv Escalation
No authentication on local endpoints
The /wechat/dispatch and /wechat/confirm_send endpoints have no authentication, allowing any local process or user to send WeChat messages.
wechat_bridge.js:21 Add authentication middleware (e.g., API key, JWT) to protect message-sending endpoints.
Medium Doc Mismatch
Credential handling not declared in SKILL.md
SKILL.md does not document that the skill reads WECHAT_APPID and WECHAT_TOKEN from environment variables, nor does it warn about the bundled credentials in wechat.yaml.
SKILL.md:1 Document required environment variables (WECHAT_APPID, WECHAT_TOKEN), warn against using bundled credentials, and explain the trust requirement for the external gateway.
Declared capability vs actual capability
Network Block
Declared NONE
→ Inferred WRITE
wechat_bridge.js:13 - Makes outbound HTTP POST/GET requests to external domain Environment Pass
Declared NONE
→ Inferred READ
wechat_bridge.js:10-11 - Reads WECHAT_APPID and WECHAT_TOKEN from process.env Suspicious artifacts and egress
Medium External URL
https://clawhub.ai/user/aw11100 skill-card.md:7
Medium External URL
https://clawhub.ai/aw11100/wechat-new-tool skill-card.md:29
Medium External URL
http://dashboard.synodeai.com/ai wechat_bridge.js:8
Dependencies and supply chain
| Package | Version | Source | Known vuln | Notes |
|---|---|---|---|---|
| axios | ^1.6.0 | npm | No | Version range allows minor updates |
| express | ^4.18.0 | npm | No | Version range allows minor updates |
File composition
6 files · 151 lines
JavaScript 1 files · 77 linesMarkdown 2 files · 56 linesJSON 2 files · 15 linesYAML 1 files · 3 lines
Files of concern · 4
wechat_bridge.js Plaintext HTTP communication exposes credentials · No authentication on local endpoints · http://dashboard.synodeai.com/ai
skill-card.md https://clawhub.ai/user/aw11100 · https://clawhub.ai/aw11100/wechat-new-tool
SKILL.md Credential handling not declared in SKILL.md
wechat.yaml Hardcoded credentials in wechat.yaml
Other files · package.json · _meta.json
Security positives
skill-card.md appropriately documents known risks including credential exposure and unauthenticated endpoints
The code is relatively straightforward without obfuscation or hidden functionality
Uses standard axios and express libraries from npm
No evidence of credential exfiltration beyond legitimate WeChat API usage
Confirmation flow provides user control before final message sending