End-to-end WeChat Official Account automatic publishing skill

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its WeChat publishing purpose, but an included fallback script can publish live content automatically and exposes part of an access token in logs.

Install only if you intend to give this workflow WeChat Official Account publishing authority. Before use, make publish.mjs draft-only by default or require an explicit final-publish flag, remove the access_token log line, keep real secrets in a protected local .env, test with a non-production or tightly controlled account, and review any cron entries before enabling them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence: 89%
Finding
The skill describes that the fallback publishing script can automatically proceed from draft creation to formal publication, which increases the risk of unintended live posting. Although the document later discusses draft-only vs full-publish modes, the execution path near the publishing step does not force an explicit operator confirmation immediately before publication, so a user may trigger irreversible publication by mistake.

Missing User Warnings

Medium
Confidence: 95%
Finding
The script automatically performs the final freepublish submission immediately after creating the draft, with no interactive confirmation, dry-run mode, or explicit warning at the point of no return. In an agent/skill context, this increases the chance of unintended public posting if the script is triggered on the wrong content or in the wrong environment.

VirusTotal

67/67 vendors flagged this skill as clean.
