sssmmmwww

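A fully automated security audit Skill for WeChat Mini Programs, built on Claude Code Agent Teams. Seven agents collaborate to cover four dimensions: sensitive information, API endpoints, encryption analysis, and vulnerability analysis. It uses a two-layer script + LLM architecture: scripts ensure coverage, and the LLM ensures accuracy.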

71
7
100% credibility
Found Apr 06, 2026 at 15 stars
AI Analysis
Python
AI Summary

A scanning tool that examines code files in a folder to detect and report accidentally hardcoded sensitive credentials, keys, and personal data, especially for WeChat mini-programs.

How It Works

1. 📰 Discover the secret checker: You hear about a handy tool that helps spot hidden private info like passwords accidentally left in your app's files.
2. 📁 Gather your files: Collect all your app's code and config files into one easy folder to check.
3. 🔍 Start the scan: Point the tool at your folder and let it search for any sensitive details.
4. Scanning magic: It zips through every file, highlighting exactly where private info might be exposed.
5. 📋 Review the findings: Open the simple report that lists what was found, with helpful context and risk levels.
6. 🛡️ Clean up securely: Follow the tips to remove or hide the spotted secrets properly.

Project secured

Your app files are now safe from leaks, giving you peace of mind to build and share confidently.

AI-Generated Review

What is wxmini-security-audit?

This Python tool runs fully automated security audits on WeChat Mini Programs, deploying 7 collaborating Claude agents to probe sensitive info leaks, API endpoints, encryption flaws, and vulnerabilities. Point it at a project directory via the CLI, and it produces JSON reports on findings across those four dimensions, using scripts for exhaustive coverage and Anthropic's LLM for precise analysis. It is packaged as a Skill for Claude Code workflows, aimed at the pain of manual audits in fast-paced mini-program development.

Why is it gaining traction?

Among the many Claude Code skills available, it appeals to WeChat developers with agent-based audits that go beyond basic regex scanners or generic Copilot-style tools, applying LLM review to China-specific secrets such as WeCom tokens without setup hassle. The dual script-LLM setup is meant to avoid missed endpoints or payment keys, making it a practical addition to CI pipelines.

Who should use this?

WeChat Mini Program maintainers spotting hardcoded app secrets or API exposures during code reviews. Security auditors for Chinese apps needing quick scans of wxml/js files before deployment. Teams integrating agent audits into their workflows for compliance checks.

Verdict

Grab it for niche WeChat audits if you're in the ecosystem: it has a solid user-facing CLI and JSON output. But treat it as alpha, with 12 stars and a 1.0% credibility score; it lacks polish, tests, and full docs, so validate outputs manually first.
