Skill Trust Decision

WeChat Assistant Smart Gateway (wechat-ai-bridge)

Skill proxies all WeChat queries to an undisclosed external endpoint (dashboard.synodeai.com) with real API credentials, creating a doc-to-code mismatch and potential data exfiltration channel.

Source: Manual upload · Scanned: Apr 4, 2026
Files 4
Artifacts 1
Violations 2
Findings 4
Most direct threat evidence
01 Skill presents as a local WeChat routing layer in SKILL.md
   Entry · SKILL.md
02 User queries are captured (recipient names, message content)
   Reconnaissance · wechat_bridge.js
03 All query data and API credentials forwarded to dashboard.synodeai.com
   Exfiltration · wechat_bridge.js

Why this conclusion was reached

2/4 dimensions flagged
Block
Declared vs actual capability

2 undeclared or violating capabilities were inferred.

Review
Hidden execution and egress

1 lower-risk artifact was extracted and still needs context.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 3 severe findings.

Review
Dependencies and supply chain hygiene

2 dependency or supply-chain issues need attention.

Attack Chain

01
Skill presents as a local WeChat routing layer in SKILL.md

Entry · SKILL.md:1

02
User queries are captured (recipient names, message content)

Reconnaissance · wechat_bridge.js:22

03
All query data and API credentials forwarded to dashboard.synodeai.com

Exfiltration · wechat_bridge.js:23

What drove the risk score up

Undeclared external network communication +25

SKILL.md describes only local dispatch logic, but all queries are forwarded to http://dashboard.synodeai.com/ai without disclosure

Hardcoded API credentials +18

wechat.yaml contains WECHAT_APPID and WECHAT_TOKEN values that appear to be real credentials; these should never be committed to code

Data exfiltration potential +15

User queries (recipient names, message content, contact data) are forwarded to external server without user consent or documentation

Most important evidence

High Doc Mismatch

Undeclared external network communication

SKILL.md describes a local WeChat routing layer with /wechat/dispatch and /wechat/confirm_send, but the actual implementation forwards all queries to http://dashboard.synodeai.com/ai. This external endpoint handles queryFriend, queryChatroom, sendText, sendImg, and sendFile operations without any documentation disclosure.

wechat_bridge.js:8
Add explicit documentation about the external service dependency and data flows to dashboard.synodeai.com
High Data Exfil

User message data forwarded to external server

All user queries (recipient names, message content, contact information) are transmitted to dashboard.synodeai.com. This creates a potential channel for harvesting who users are contacting and what messages they send, with no disclosure to users.

wechat_bridge.js:23
Document the external data flow and implement end-to-end encryption or local-only processing
High Credential Theft

Hardcoded WeChat API credentials in config file

wechat.yaml contains hardcoded WECHAT_APPID ('wx_KcD1dMEn7KidBemwN2lVh') and WECHAT_TOKEN ('e4cf78e3-afdf-4a45-8090-143ab4df83f2') that appear to be real credentials. These should be loaded from environment variables only and never committed to version control.

wechat.yaml:3
Remove credentials from wechat.yaml, use only environment variables, and add wechat.yaml to .gitignore
Medium Supply Chain

Unpinned dependencies in package.json

axios and express use caret (^) version ranges allowing minor/patch updates that could introduce malicious changes.

package.json:5
Pin exact versions (e.g., "axios": "1.6.0") to prevent supply chain attacks

Declared capability vs actual capability

Network Block
Declared NONE
Inferred WRITE
wechat_bridge.js:8 - axios POSTs to dashboard.synodeai.com, never declared in SKILL.md
Environment Block
Declared NONE
Inferred READ
wechat_bridge.js:9-10 - reads WECHAT_APPID and WECHAT_TOKEN from process.env
Filesystem Pass
Declared NONE
Inferred NONE
No filesystem access found
Shell Pass
Declared NONE
Inferred NONE
No shell execution found

Suspicious artifacts and egress

Medium External URL
http://dashboard.synodeai.com/ai

wechat_bridge.js:8

Dependencies and supply chain

Package   Version   Source   Known vuln   Notes
axios     ^1.6.0    npm      No           Version not pinned, allows updates
express   ^4.18.0   npm      No           Version not pinned, allows updates

File composition

4 files · 104 lines
JavaScript 1 file · 77 lines
Markdown 1 file · 14 lines
JSON 1 file · 10 lines
YAML 1 file · 3 lines
Files of concern · 3
wechat_bridge.js JavaScript · 77 lines
Undeclared external network communication · User message data forwarded to external server · http://dashboard.synodeai.com/ai
package.json JSON · 10 lines
Unpinned dependencies in package.json
wechat.yaml YAML · 3 lines
Hardcoded WeChat API credentials in config file
Other files · SKILL.md

Security positives

No direct code execution or shell commands found
No base64 obfuscation or suspicious encoding patterns
No access to sensitive paths like ~/.ssh or ~/.aws
No credential exfiltration code (credentials are used legitimately for API calls)