wxmini-security-audit

Security Verified v1.0.0
Fluxly profile Facts only: domain, agents, trust score, runtime, permissions and network
Domain
Security · security · wechat · miniprogram
Compatible agents
  • Claude Code
  • Cursor
  • Cline
  • Codex
  • Windsurf
  • Gemini CLI
  • +20
Trust score
98 / 100 · audit passed
Author / version / license
@sssmmmwww · v1.0.0 · no license declared
Token usage
Moderate
Setup complexity
Guided setup
External API key
Not required
Operating systems
macOS · Linux · Windows
Runtime requirements
Python
Permissions
  • Read-only
  • Write / modify
Network behavior
External requests
Install commands
26 variants

Profile is derived at build time from SKILL.md and install vectors. Subject to drift from author intent.

Output preview wxmini-security-audit.preview
---
name: wxmini-security-audit
description: 微信小程序全自动安全审计 Skill。使用 Agent Teams 编排多个 Agent,分阶段完成从反编译到报告生成的全流程静态安全分析。 覆盖维度:敏感信息泄露、API接口提取、加解密算法…
category: security
runtime: Python
---

# wxmini-security-audit output preview

## PART A: Task fit
- Use case: 微信小程序全自动安全审计 Skill。使用 Agent Teams 编排多个 Agent,分阶段完成从反编译到报告生成的全流程静态安全分析。 覆盖维度:敏感信息泄露、API接口提取、加解密算法分析、漏洞分析。 当用户请求分析微信小程序时触发。 从用户输入中提取 {target_dir}(小程序目录路径)。 | 变量 | 含义 | 说明 | makes outbound network calls; runs on Python. Works with Claude Code, Cursor, Cline and 23 more..
- Inputs: target material, constraints, expected output, and acceptance criteria.
- Evidence boundary: follow “核心原则(所有 Agent 必须遵守) / 编排铁律(Orchestrator 禁令,硬性约束) / 描述” and do not present inference as author intent.

## PART B: Execution result
- **01** The card summarizes the use case; runtime output centers on “微信小程序全自动安全审计 Skill。使用 Agent Teams 编排多个 Agent,分阶段完成从反编译到报告生成的全流程静态安全分析。 覆盖维度:敏感信息泄露、API接口提取、加解密算法分析、漏洞分析。 当用户请求分析微信小程序时触发。 从用户输入中提取 {target_dir}(小程序目录路径)。 | 变量 | 含义 | 说明 | makes outbound network calls; runs on Python. Works with Claude Code, Cursor, Cline and 23 more.”.
- **02** When the source has headings, the agent prioritizes “核心原则(所有 Agent 必须遵守) / 编排铁律(Orchestrator 禁令,硬性约束) / 描述” so the result follows the author’s structure.
- **03** Typical output includes task judgment, concrete steps, required commands or file edits, validation, and follow-up options.
- **04** Risk context follows the fingerprint: read files, write/modify files; may access external network resources; usually needs no extra API key.

## Running Rules
- read files, write/modify files; may access external network resources; usually needs no extra API key.
- Validate with a small sample before expanding scope.
- Return the result, validation criteria, and next iteration options.
Interpretation is structured for decision-making; original keeps the upstream SKILL.md unchanged.

Decide Fit First

  • Core job: 微信小程序全自动安全审计 Skill。使用 Agent Teams 编排多个 Agent,分阶段完成从反编译到报告生成的全流程静态安全分析。 覆盖维度:敏感信息泄露、API接口提取、加解密算法分析、漏洞分析。 当用户请求分析微信小程序时触发。 从用户输入中…
  • Best fit: Use it when the task has reusable inputs, steps, and validation criteria rather than a one-off answer.
  • Avoid forcing it: If the source lacks commands, platform support, or external-service evidence, keep those fields unknown instead of guessing.

Design Intent

  • Structure: The skill is organized around “核心原则(所有 Agent 必须遵守)”, “编排铁律(Orchestrator 禁令,硬性约束)”, “描述”, “触发方式”, showing how the author expects the agent to judge fit, collect context, and produce verifiable output.
  • Trigger evidence: Prioritize the author’s wording around when to use it, what context to collect, and what output shape to produce.
  • Evidence boundary: Author text states facts, repository files prove commands and paths, and Fluxly only adds fit, limits, and usage judgment.

How To Use It

  • Inputs: Provide target material, scope, expected result, forbidden changes, and validation method.
  • Invocation: Name wxmini-security-audit directly; if the source includes slash commands, start with the command and then add task context.
  • Validation: Start small and check whether the result follows “核心原则(所有 Agent 必须遵守) / 编排铁律(Orchestrator 禁令,硬性约束) / 描述” before expanding.

Boundaries And Review

  • Dependencies: It usually needs no extra API key, so start with a small validation task.
  • Permissions: Declared permissions include read / write; ask the agent to state file, command, and rollback boundaries before acting.
  • Quality bar: A useful result names the deliverable, evidence, and next action. Generic prose means the task needs tighter context.

Discussion

Powered by GitHub Discussions. Sign in with GitHub to comment, react, or subscribe.