Smart WeChat Official Account Publishing Skill

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do the advertised WeChat draft publishing, but it asks for powerful account credentials and handles them too loosely for automatic publishing workflows.

Install only if you are comfortable granting this skill access to a WeChat Official Account. Prefer environment or secret-manager handling for AppSecret, avoid putting it on the command line or in shared/plaintext files, restrict permissions on any config and memory directories, rotate any exposed secret, and review generated drafts before enabling scheduled runs. Also verify content quality because the included script appears to publish fixed sample news rather than collecting live items.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Intent-Code Divergence

Medium
Confidence: 96%
Finding
The guide explicitly emphasizes that the AppSecret is sensitive and only shown once, but then repeatedly includes full secret-looking values in command and config examples. Even if these are sample values, normalizing this pattern trains users to paste real credentials into unsafe places and increases the chance of accidental secret disclosure in screenshots, copied commands, documentation reuse, or support logs.

Missing User Warnings

Medium
Confidence: 99%
Finding
Passing the Official Account AppSecret directly on the command line can expose it through shell history, process listings, terminal logging, remote session capture, and monitoring tools. In this skill context, the secret is a high-value credential for a production WeChat account, so disclosure could enable unauthorized API use or account abuse.

Missing User Warnings

Medium
Confidence: 97%
Finding
The manual instructs users to store AppSecret in plaintext in a local config file without prominently warning about credential protection, file permissions, backups, syncing, or source control leakage. Because this skill manages Official Account publishing credentials, plaintext local storage increases the risk of compromise from multi-user systems, malware, accidental upload, or support bundle collection.

Missing User Warnings

Medium
Confidence: 85%
Finding
The script writes execution status and a token cache to local files under the memory directory, and the token cache contains live access credentials. If file permissions are weak, the host is multi-user, or the working directory is exposed via backups/sync, another local process or user could recover tokens and operational metadata to impersonate the account or inspect publishing activity.

Missing User Warnings

Medium
Confidence: 90%
Finding
The skill explicitly automates collection and publication to a WeChat public account draft box, which necessarily involves outbound network actions and use of sensitive Official Account credentials. The documentation does not warn users that the skill will transmit content and authenticate against external services, increasing the risk of users supplying secrets without understanding how they are used or what data leaves the system.

Missing User Warnings

Medium
Confidence: 97%
Finding
The configuration table asks users to provide an AppSecret but gives no guidance on secure storage, masking, rotation, or avoiding plaintext exposure. Because AppSecret is a high-value credential for account access, poor handling can enable account compromise, unauthorized publication, or abuse of the associated WeChat account if leaked through config files, logs, screenshots, or shell history.

VirusTotal

66/66 vendors flagged this skill as clean.