diff --git a/2wm.png b/2wm.png
new file mode 100644
index 0000000..c2ff491
Binary files /dev/null and b/2wm.png differ
diff --git a/README.md b/README.md
index 5fe50e3..2b7ad87 100644
--- a/README.md
+++ b/README.md
@@ -28,6 +28,14 @@ WeFlow 是一个**完全本地**的微信**实时**聊天记录查看、分析
 > [!TIP]
 > 如果导出聊天记录后，想深入分析聊天内容可以试试 [ChatLab](https://chatlab.fun/)
 
+# 加入微信交流群
+
+> 🎉 扫码加入微信群，与其他 WeFlow 用户一起交流问题和使用心得。
+
+<p align="center">
+  <img src="2wm.png" alt="WeFlow 微信交流群二维码" width="220">
+</p>
+
 ## 主要功能
 
 - 本地实时查看聊天记录
diff --git a/electron/main.ts b/electron/main.ts
index 9747a28..d0cb133 100644
--- a/electron/main.ts
+++ b/electron/main.ts
@@ -1,6 +1,6 @@
 import { app, BrowserWindow, ipcMain, nativeTheme } from 'electron'
 import { Worker } from 'worker_threads'
-import { join } from 'path'
+import { join, dirname } from 'path'
 import { autoUpdater } from 'electron-updater'
 import { readFile, writeFile, mkdir } from 'fs/promises'
 import { existsSync } from 'fs'
@@ -28,6 +28,47 @@ const AUTO_UPDATE_ENABLED =
   process.env.AUTO_UPDATE_ENABLED === '1' ||
   (process.env.AUTO_UPDATE_ENABLED == null && !process.env.VITE_DEV_SERVER_URL)
 
+// 使用白名单过滤 PATH，避免被第三方目录中的旧版 VC++ 运行库劫持。
+// 仅保留系统目录（Windows/System32/SysWOW64）和应用自身目录（可执行目录、resources）。
+function sanitizePathEnv() {
+  // 开发模式不做裁剪，避免影响本地工具链
+  if (process.env.VITE_DEV_SERVER_URL) return
+
+  const rawPath = process.env.PATH || process.env.Path
+  if (!rawPath) return
+
+  const sep = process.platform === 'win32' ? ';' : ':'
+  const parts = rawPath.split(sep).filter(Boolean)
+
+  const systemRoot = process.env.SystemRoot || process.env.WINDIR || ''
+  const safePrefixes = [
+    systemRoot,
+    systemRoot ? join(systemRoot, 'System32') : '',
+    systemRoot ? join(systemRoot, 'SysWOW64') : '',
+    dirname(process.execPath),
+    process.resourcesPath,
+    join(process.resourcesPath || '', 'resources')
+  ].filter(Boolean)
+
+  const normalize = (p: string) => p.replace(/\\/g, '/').toLowerCase()
+  const isSafe = (p: string) => {
+    const np = normalize(p)
+    return safePrefixes.some((prefix) => np.startsWith(normalize(prefix)))
+  }
+
+  const filtered = parts.filter(isSafe)
+  if (filtered.length !== parts.length) {
+    const removed = parts.filter((p) => !isSafe(p))
+    console.warn('[WeFlow] 使用白名单裁剪 PATH，移除目录:', removed)
+    const nextPath = filtered.join(sep)
+    process.env.PATH = nextPath
+    process.env.Path = nextPath
+  }
+}
+
+// 启动时立即清理 PATH，后续创建的 worker 也能继承安全的环境
+sanitizePathEnv()
+
 // 单例服务
 let configService: ConfigService | null = null
 
diff --git a/package-lock.json b/package-lock.json
index ba9957a..784ab59 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -1,12 +1,12 @@
 {
   "name": "weflow",
-  "version": "1.2.0",
+  "version": "1.3.1",
   "lockfileVersion": 3,
   "requires": true,
   "packages": {
     "": {
       "name": "weflow",
-      "version": "1.2.0",
+      "version": "1.3.1",
       "hasInstallScript": true,
       "dependencies": {
         "better-sqlite3": "^12.5.0",