Security audit

Wechat Look

Security checks across malware telemetry and agentic risk

Overview

This WeChat article OCR skill mostly matches its purpose, but it includes captcha-bypass guidance and can fetch unvalidated remote URLs and images.

Review before installing. Only use it if you are comfortable with it fetching WeChat pages, downloading referenced images, and running local Node OCR scripts; prefer a revised version that removes captcha-bypass wording and restricts downloads to expected public WeChat/CDN image hosts with size and count limits.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
96% confidence
Finding
The skill declares no explicit permissions, but its own documentation describes outbound network access to WeChat and image URLs plus launching a local Node.js process via subprocess. This creates a permission-model mismatch: users and the hosting platform are not clearly informed that the skill can access the network and execute shell-level processes, which weakens review, sandboxing, and least-privilege enforcement.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script fetches an arbitrary user-supplied image URL directly, which can cause external network access and disclosure of server/network metadata such as IP address, and may be abused for SSRF-style access to internal resources if this runs in a privileged environment. In this skill's context, downloading remote article images is expected behavior, but the lack of URL validation, protocol/host restrictions, and explicit user warning still makes it a real security issue rather than a false positive.

Ssd 4

Medium
Confidence
96% confidence
Finding
The README explicitly instructs users to add `scene=1` to WeChat article URLs to '绕过验证码' (bypass verification), which normalizes defeating an access-control or anti-abuse mechanism. Even though this is documentation rather than executable code, embedding guidance to circumvent platform protections can facilitate unauthorized scraping, policy violations, and increased abuse of a third-party service.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.