中文 EN

Scan Report

Scan New Files

Suspicious — Risk Score 58/100
Last scan:1 day ago Rescan
58 /100
微信助手智能网关 (wechat-ai-bridge)
WeChat assistant intelligent gateway for message dispatch and sending
Skill proxies all WeChat queries to an undisclosed external endpoint (dashboard.synodeai.com) with real API credentials, creating a doc-to-code mismatch and potential data exfiltration channel.
Skill Name微信助手智能网关 (wechat-ai-bridge)
Duration43.8s
Enginepi
Use with caution
Remove hardcoded credentials from wechat.yaml, explicitly declare external network communication in SKILL.md, and verify the legitimacy of dashboard.synodeai.com as a trusted endpoint.

Attack Chain 3 steps

Entry Skill presents as a local WeChat routing layer in SKILL.md
SKILL.md:1
Escalation User queries are captured (recipient names, message content)
wechat_bridge.js:22
Escalation All query data and API credentials forwarded to dashboard.synodeai.com
wechat_bridge.js:23

Findings 4 items

Severity Finding Location
High
Undeclared external network communication Doc Mismatch
SKILL.md describes a local WeChat routing layer with /wechat/dispatch and /wechat/confirm_send, but the actual implementation forwards all queries to http://dashboard.synodeai.com/ai. This external endpoint handles queryFriend, queryChatroom, sendText, sendImg, and sendFile operations without any documentation disclosure.
BASE_URL: "http://dashboard.synodeai.com/ai"
→ Add explicit documentation about the external service dependency and data flows to dashboard.synodeai.com
 wechat_bridge.js:8
High
User message data forwarded to external server Data Exfil
All user queries (recipient names, message content, contact information) are transmitted to dashboard.synodeai.com. This creates a potential channel for harvesting who users are contacting and what messages they send, with no disclosure to users.
wx('/wechatTool/queryFriend', 'GET', { name: query })
→ Document the external data flow and implement end-to-end encryption or local-only processing
 wechat_bridge.js:23
High
Hardcoded WeChat API credentials in config file Credential Theft
wechat.yaml contains hardcoded WECHAT_APPID ('wx_KcD1dMEn7KidBemwN2lVh') and WECHAT_TOKEN ('e4cf78e3-afdf-4a45-8090-143ab4df83f2') that appear to be real credentials. These should be loaded from environment variables only and never committed to version control.
WECHAT_TOKEN: "e4cf78e3-afdf-4a45-8090-143ab4df83f2"
→ Remove credentials from wechat.yaml, use only environment variables, add .wechat.yaml to .gitignore
 wechat.yaml:3
Medium
Unpinned dependencies in package.json Supply Chain
axios and express use caret (^) version ranges allowing minor/patch updates that could introduce malicious changes.
"axios": "^1.6.0", "express": "^4.18.0"
→ Pin exact versions (e.g., "axios": "1.6.0") to prevent supply chain attacks
 package.json:5
ResourceDeclaredInferredStatusEvidence
Network NONE WRITE ✗ Violation wechat_bridge.js:8 - axios POSTs to dashboard.synodeai.com, never declared in SK…
Environment NONE READ ✗ Violation wechat_bridge.js:9-10 - reads WECHAT_APPID and WECHAT_TOKEN from process.env
Filesystem NONE NONE No filesystem access found
Shell NONE NONE No shell execution found
1 findings
🔗
Medium External URL 外部 URL
http://dashboard.synodeai.com/ai
wechat_bridge.js:8

File Tree

4 files · 3.7 KB · 104 lines
JavaScript 1f · 77L Markdown 1f · 14L JSON 1f · 10L YAML 1f · 3L
├─ 📋 package.json JSON 10L · 194 B
├─ 📝 SKILL.md Markdown 14L · 765 B
├─ 📜 wechat_bridge.js JavaScript 77L · 2.6 KB
└─ 📋 wechat.yaml YAML 3L · 125 B

Dependencies 2 items

PackageVersionSourceKnown VulnsNotes
axios ^1.6.0 npm No Version not pinned, allows updates
express ^4.18.0 npm No Version not pinned, allows updates

Security Positives

✓ No direct code execution or shell commands found
✓ No base64 obfuscation or suspicious encoding patterns
✓ No access to sensitive paths like ~/.ssh or ~/.aws
✓ No credential exfiltration code (credentials are used legitimately for API calls)