WeChat Official Account Publishing Skill

Security checks across malware telemetry and agentic risk

Overview

This WeChat publisher is not clearly malicious, but it asks for sensitive account credentials and gives risky credential and privileged-install guidance.

Install only after reviewing the credential risk. Use a test WeChat account first, avoid command-line AppSecret entry, prefer environment variables or a secret store, lock down config and token-cache file permissions, disable scheduling until you trust the generated drafts, and inspect each draft before posting publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Tool Misuse: Tool Parameter Abuse, Chaining Abuse, Unsafe Defaults
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The guide includes what appear to be concrete AppSecret and license-like values instead of obvious placeholders, which can mislead users into treating secrets as safe to copy, store, or share. In security-sensitive documentation, realistic secret values normalize unsafe handling of credentials and may accidentally expose real or reusable tokens if they were not fabricated.

Intent-Code Divergence

Medium
Confidence
91% confidence
Finding
The license/trial enforcement path contains inconsistent logic: when use is denied, it references a variable named 'usage' that is not defined in that scope. This can cause a runtime exception and break the advertised publishing flow, creating a denial-of-service condition for users and undermining reliability in an operational automation script.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The documentation instructs users to pass AppSecret values directly via command-line flags and store them in plaintext config files. This is dangerous because command-line arguments may be exposed through shell history, process listings, telemetry, or screenshots, and plaintext config storage increases the chance of local compromise, accidental backup leakage, or source-control exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill requires highly sensitive WeChat Official Account credentials (`app_id` and especially `app_secret`) and automates publishing, but the documentation provides no warning about secure storage, transmission, least-privilege handling, or the risks of exposing account-linked content and tokens. In this context, the omission is security-relevant because users may enter production credentials into an untrusted third-party skill and unknowingly authorize automated access to their official account.

Chaining Abuse

High
Category
Tool Misuse
Content
```bash
# 1. Open a terminal
# 2. Install Node.js (if not already installed)
curl -fsSL https://deb.nodesource.com/setup_16.x | sudo -E bash -
sudo apt-get install -y nodejs

# 3. Install OpenClaw
```
Confidence
93% confidence
Finding
| sudo

VirusTotal

64/64 vendors flagged this skill as clean.
