WeChat Automatic Message Sending to a Specified Contact

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to automate WeChat messaging, but it can send real messages from the user's logged-in account without a final confirmation and has weak safeguards against wrong-window or wrong-recipient sends.

Review this carefully before installing. Only use it for low-risk messages after verifying the recipient and message text, keep WeChat visibly focused, avoid sensitive content, and prefer a version that aborts on focus errors and requires a yes/no confirmation immediately before pressing Enter.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Missing User Warnings

Medium
Confidence: 89%
Finding
The examples encourage scheduled and batch automated message sending to WeChat, which can affect real user communications if misconfigured or triggered unexpectedly. In a messaging automation skill, documentation that normalizes unattended sending without prominent safety warnings increases the chance of accidental spam, privacy leaks, or messages being sent to the wrong recipient.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger examples include broad natural-language phrases such as '告诉李四资料已准备好' ("Tell Li Si the materials are ready") that do not explicitly mention WeChat, which can cause the agent to invoke this skill when the user only intended a general reminder, draft, or another communication channel. In this skill context, misfires are more dangerous because the action sends real outbound messages through GUI automation, making unintended disclosure or accidental communication plausible.

Missing User Warnings

Medium
Confidence: 92%
Finding
The README advertises natural-language integration for sending WeChat messages but does not prominently warn that invoking the skill causes a real outbound message to be sent to an actual contact. In an agent setting, this creates a meaningful risk of unintended real-world action, disclosure of sensitive content, or messaging the wrong recipient if the user or orchestrator misunderstands the skill's effects.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are broad conversational commands such as telling the agent to message someone, without scope constraints, confirmation requirements, or negative examples. In a natural-language agent environment, this increases the chance of accidental invocation from ambiguous user requests, quoted text, or contextual discussion, leading to unintended messages being sent.

Missing User Warnings

Medium
Confidence: 86%
Finding
The script performs GUI automation that culminates in pressing Enter to send a message after only a countdown, without a final explicit confirmation once the target chat and message are populated. Because the automation relies on window focus, timing, clipboard state, and UI assumptions, a small context shift can cause an unintended recipient or unintended content to be sent, making the action irreversible and potentially causing data leakage or accidental messaging.

Vague Triggers

Medium
Confidence: 90%
Finding
The skill is described in broad, natural-language terms such as sending WeChat messages whenever the user wants to send one, which can overlap with ordinary conversation and increase the chance of unintended activation. Because the action performs external side effects on behalf of the user, a false trigger could cause messages to be sent to the wrong recipient or at the wrong time, creating privacy and reputational harm.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill automates message transmission but does not warn users about privacy leakage, misdelivery, or accidental disclosure of sensitive information. In this context, the absence of prominent warnings and consent/verification steps makes the automation more dangerous because users may not realize that a parsing mistake or UI automation error can immediately send real messages to real contacts.

Vague Triggers

Medium
Confidence: 93%
Finding
The trigger phrases are broad and overlap with ordinary conversational language, increasing the chance that the skill activates unintentionally. In a skill that automates GUI control to send WeChat messages, accidental activation can directly cause unintended outbound communications, privacy leaks, or reputational harm.

Missing User Warnings

Medium
Confidence: 90%
Finding
The description notes that the skill controls mouse and keyboard, but it does not adequately warn about misdelivery, privacy exposure, or disclosure of sensitive content to the wrong contact. Because the skill performs automated message sending through GUI automation, missing risk disclosures and safeguards make user mistakes more likely and can lead to accidental data leakage.

VirusTotal

64/64 vendors flagged this skill as clean.