WeChat File Sender

Security checks across malware telemetry and agentic risk

Overview

This skill is meant to send files through WeChat, but it automates a logged-in account and can transmit local files without a final confirmation or strong recipient verification.

Review carefully before installing. Use only with non-sensitive files and contacts you trust, and prefer a fixed version that ships the PowerShell helper, clearly states that files are transmitted through WeChat, verifies the exact recipient, and asks for confirmation immediately before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Medium
Confidence: 99%
Finding
The README makes explicit security assurances that the implementation does not enforce: the script only checks that the path exists and places both the contact name and file path into the UI/clipboard with no absolute-path check and no character/length validation for the contact. This mismatch is dangerous because callers or higher-level agents may trust the documented constraints and pass untrusted input into fragile RPA behavior, causing unintended recipients to be selected or arbitrary local files to be sent.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The comment is materially misleading: the script's explicit purpose is to send a local file to a WeChat contact, which is a form of data transmission/exfiltration from the local system to an external recipient via the WeChat client. Misstating this as 'no network calls, no data exfiltration' can cause users, reviewers, or downstream agents to underestimate the privacy and security implications and approve or invoke the skill in inappropriate contexts.

Missing User Warnings

Medium
Confidence: 90%
Finding
The script performs file sharing to a named WeChat contact by launching a PowerShell helper, but it does not present a clear user-facing confirmation immediately before transmission. In an agent/automation context, that increases the risk of unintended disclosure of sensitive local files to the wrong recipient, especially if upstream inputs are user-controlled or derived from other tools.

VirusTotal

VirusTotal findings are pending for this skill version.