wxmini-security-audit by sssmmmwww

Automated WeChat mini-program security auditing

Created 1 month ago
257 stars

Top 98.2% on SourcePulse

Project Summary

This project provides an automated security auditing skill for WeChat mini-programs, leveraging a multi-agent collaboration framework powered by Claude Code. It addresses the need for comprehensive static analysis of mini-programs, offering a dual-layer architecture that combines script-based rule coverage with LLM-driven intelligent analysis. The tool is designed for engineers and security researchers seeking to identify vulnerabilities, sensitive information leaks, API issues, and cryptographic weaknesses within WeChat mini-program codebases.

How It Works

The skill runs seven agents in sequential phases. Phase 1 parses the request and decompiles the package, then a script-based pre-scan extracts endpoints and candidate secrets. In Phase 2, four specialized agents (Secret Scanner, Endpoint Miner, Crypto Analyzer, Vuln Analyzer) run in parallel, which is where most of the time saving comes from. The two layers divide the work deliberately: Python regex scripts apply every rule deterministically, so no rule is skipped and coverage does not depend on the model, while the LLM agents triage those raw hits, filter false positives, rate risk, and correlate findings across files and with the surrounding context. An optional Phase 2.5 lets the user name specific interfaces or parameters for a deeper, targeted pass, and a final agent assembles the report.
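The script layer described above, as an added example that is not the project's own code: a minimal Phase 1 style pre-scan in standard-library Python (the language the README says the project's scripts use) over a constructed snippet of decompiled mini-program JavaScript. The rule names, severities, regex patterns, the placeholder heuristic and the sample code are all assumptions made for illustration; only the 1 MB threshold follows the large-file limit stated under Limitations & Caveats, above which just critical- and high-severity rules are applied. The result is the kind of candidate list (value, line, surrounding context, a cheap placeholder hint) that the LLM layer would then triage.

```python
"""Added example of a script-layer pre-scan (not wxmini-security-audit's code).

Rules, severities, patterns, the placeholder heuristic and the sample input are
constructed assumptions for illustration; only the >1 MB reduced-scan threshold
follows the large-file limit the page states.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LARGE_FILE_BYTES = 1 * 1024 * 1024  # above this, keep only critical/high rules


@dataclass(frozen=True)
class Rule:
    name: str
    severity: str        # "critical" | "high" | "medium" | "low"
    pattern: re.Pattern  # group(1) is the extracted value


# Constructed rule set. Order matters: when two rules hit the same value,
# the earlier (more specific) rule's finding is the one kept.
SECRET_RULES = [
    Rule("wechat_appsecret", "critical",
         re.compile(r"""(?i)app_?secret\s*[:=]\s*['"]([0-9a-f]{32})['"]""")),
    Rule("aliyun_access_key", "high",
         re.compile(r"""['"](LTAI[A-Za-z0-9]{12,20})['"]""")),
    Rule("generic_secret", "medium",
         re.compile(r"""(?i)(?:secret|token|api_?key)\s*[:=]\s*['"]([^'"]{8,})['"]""")),
]
ENDPOINT_RULES = [
    Rule("wx_request_url", "low",
         re.compile(r"""wx\.request\(\s*\{[^}]*?url\s*:\s*['"](https?://[^'"]+)['"]""")),
    Rule("http_url_literal", "low",
         re.compile(r"""['"](https?://[A-Za-z0-9.\-]+(?:/[^'"\s]*)?)['"]""")),
]

# Cheap script-side hint so the LLM layer does not spend effort on obvious
# dummies; the final false-positive decision is left to that layer.
_PLACEHOLDER_HINTS = ("your_", "xxx", "placeholder", "changeme", "todo")


def _likely_placeholder(value: str) -> bool:
    v = value.lower()
    return any(h in v for h in _PLACEHOLDER_HINTS) or len(set(v)) <= 2


def _scan(text: str, rules: list[Rule], reduced: bool) -> list[dict]:
    if reduced:  # large-file mode: only the most important rules run
        rules = [r for r in rules if r.severity in ("critical", "high")]
    seen: set[str] = set()
    findings = []
    for rule in rules:
        for m in rule.pattern.finditer(text):
            value = m.group(1)
            if value in seen:  # already reported by an earlier (higher-priority) rule
                continue
            seen.add(value)
            line = text.count("\n", 0, m.start()) + 1
            ls = text.rfind("\n", 0, m.start()) + 1
            le = text.find("\n", m.start())
            if le == -1:
                le = len(text)
            findings.append({
                "rule": rule.name, "severity": rule.severity, "value": value,
                "line": line, "context": text[ls:le].strip(),
                "likely_placeholder": _likely_placeholder(value),
            })
    return findings


def prescan(text: str) -> dict:
    """Phase 1 style pre-scan of one decompiled source file.

    Returns candidate secrets and endpoints, plus whether the file was large
    enough that only critical/high rules were applied.
    """
    reduced = len(text.encode("utf-8")) > LARGE_FILE_BYTES
    return {
        "reduced": reduced,
        "secrets": _scan(text, SECRET_RULES, reduced),
        "endpoints": _scan(text, ENDPOINT_RULES, reduced),
    }


# Constructed sample of decompiled mini-program code; not from a real app.
SAMPLE_APP_JS = r'''// constructed sample of decompiled mini-program code (not real)
const config = {
  appId: "wx1234567890abcdef",
  appSecret: "0123456789abcdef0123456789abcdef",
  placeholderSecret: "your_app_secret_here",
};
function login(code) {
  wx.request({
    url: "https://api.example.com/v1/login",
    method: "POST",
    data: { code, key: config.appSecret },
  });
}
const cdn = "https://cdn.example.com/static/app.js";
'''

if __name__ == "__main__":
    import json
    print(json.dumps(prescan(SAMPLE_APP_JS), indent=2))
```

On the sample, the pre-scan reports the hard-coded AppSecret once (the critical rule wins over the generic one), flags the placeholder value as a likely dummy, and lists the two URLs with the `wx.request` hit attributed to its call site. Pad the input past 1 MB and the same call drops to the critical/high rules, so the placeholder and both endpoints disappear, which is exactly the reduced coverage a reviewer should expect on large bundles.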

Quick Start & Requirements

  • Prerequisites: Claude Code CLI environment (supporting Agent Teams/Skill), Python 3.x (standard library only), and a Windows operating system.
  • Installation: Clone the repository into your Claude Code Skill directory. You must separately obtain the unveilr.exe (a third-party WeChat mini-program decompiler) and place it in the tools/ directory.
  • Running: Initiate analysis via a Claude Code prompt, e.g., "帮我分析这个小程序 D:\wechat\miniapp\wxapkg_files" ("Help me analyze this mini-program D:\wechat\miniapp\wxapkg_files"). The prompt can also name target interfaces or specific security concerns to trigger the deeper, automated analysis pass.
  • Links: The README serves as the primary documentation.

Highlighted Details

  • 7 specialized agents collaborate across decompilation, secret scanning, API extraction, crypto analysis, vulnerability assessment, custom analysis, and reporting.
  • Dual-layer architecture: Python scripts for comprehensive rule coverage, LLM agents for intelligent analysis and accuracy.
  • Phase 2 features four analysis agents running in parallel to reduce audit time.
  • Supports user-defined analysis for targeted deep dives into specific interfaces or parameters.
  • Accepts captured traffic (for example, requests recorded in Burp Suite) as supplementary input for the analysis; the tool itself still sends nothing.
  • Provides dual-layer reporting: a concise main report and detailed independent documents.
  • Strictly static analysis; performs no network requests and generates no attack code.

Maintenance & Community

No specific details regarding maintainers, community channels (like Discord/Slack), or project roadmap are provided in the README.

Licensing & Compatibility

The project is released under the MIT License. While permissive, the README notes that the project is intended strictly for security research and legally authorized testing, and users must comply with relevant laws and regulations.

Limitations & Caveats

The current version is Windows-only because it depends on unveilr.exe, which users must acquire and place in tools/ themselves. Encrypted wxapkg files produced by newer PC WeChat versions must be decrypted before analysis; the tool does not decrypt them. For very large files (over 1 MB) the scan is reduced to critical- and high-severity patterns only, so lower-severity findings in such files will be missed.

Health Check

Last Commit: 1 month ago
Responsiveness: Inactive
Pull Requests (30d): 0
Issues (30d): 1
Star History: 243 stars in the last 30 days
