Security audit

Wechat Publisher Skill Clean

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to create WeChat Official Account drafts, but it needs review because it handles powerful WeChat credentials and cached account tokens with weak security guidance.

Install only if you trust this publisher with your WeChat Official Account credentials. Prefer environment variables or a secret manager over command-line secrets or plaintext config, restrict permissions on config and token-cache files, rotate the AppSecret if it was exposed, run manually first, and review drafts before enabling scheduled runs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence: 94%
Finding
The guide instructs users to pass the Official Account AppSecret directly on the command line and to store it in a plaintext JSON config file. This can expose the secret through shell history, process listings, screenshots, backups, or local file compromise, enabling unauthorized access to the WeChat Official Account API.

Missing User Warnings

Medium
Confidence: 97%
Finding
The README includes a real-looking AppSecret directly in command examples and configuration tables, and it does so without any warning to treat secrets as sensitive credentials. This encourages unsafe copy-paste behavior, risks accidental credential disclosure in shell history, screenshots, logs, or repositories, and normalizes insecure secret handling for a privileged publishing integration.

Missing User Warnings

Medium
Confidence: 86%
Finding
The README instructs users to schedule automatic publishing to a public-facing WeChat account, but it does not clearly warn that content may be posted unattended on a recurring basis. In the context of a publishing skill, this increases the chance of unintended or low-quality content being automatically pushed to a live audience, causing reputational damage or accidental policy violations.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly asks users to provide highly sensitive WeChat credentials (AppID and especially AppSecret) but gives no guidance on secure storage, least-privilege handling, logging avoidance, or privacy implications. In an agent/skill ecosystem, this is dangerous because users may paste long-lived secrets into insecure config stores or third-party tooling without understanding the account takeover and unauthorized publishing risk.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.