Wechat Publisher Skill

Security checks across malware telemetry and agentic risk

Overview

The skill does the WeChat publishing it advertises, but it teaches unsafe handling of account secrets for a high-impact publishing integration.

Review carefully before installing:
  • Use only a test or low-risk WeChat official account first.
  • Do not paste real AppSecrets into command-line flags or shared terminals.
  • Avoid plaintext config where possible.
  • Restrict local file permissions on any file that holds the secret.
  • Rotate any secret that has appeared in logs or screenshots.
  • Confirm scheduled runs cannot create drafts without your intended approval.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Intent-Code Divergence

High
Confidence: 99%
Finding
The troubleshooting guide explicitly recommends hardcoding the WeChat AppSecret in a script and storing it in plaintext configuration, which materially increases the chance of credential leakage through source control, logs, backups, screenshots, or local compromise. Because this is a publishing skill tied to a real external account, exposure of the AppSecret could let an attacker mint tokens and operate the associated WeChat account/API.

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The guide explicitly tells users to pass a full AppSecret on the command line and store it in a plaintext JSON config file, while only masking it in display output. This creates a real credential-handling weakness because secrets may be exposed via shell history, process listings, backups, or local file compromise.

Intent-Code Divergence

Medium
Confidence: 97%
Finding
In the license-failure branch, the code references a variable named `usage` that is never defined, so Python raises a NameError before the intended failure message is printed. Expired-trial runs therefore end in a traceback instead of a clean status message and exit code, which is especially problematic in automation, where a scheduler or agent needs predictable failure handling to act on.

Missing User Warnings

Medium
Confidence: 95%
Finding
The installation guide includes a full, real-looking AppSecret in example configuration prompts, which normalizes handling secrets in plaintext and may lead users to paste real credentials into shells, screenshots, logs, or shared terminals. Even if the shown value is only an example, documentation that demonstrates secret disclosure increases the chance of accidental credential exposure.

Missing User Warnings

Medium
Confidence: 98%
Finding
The verification section explicitly shows a command that prints the stored `app_secret` in full plaintext, teaching users to reveal sensitive credentials on screen. This is dangerous because terminal output may be captured by shell history tools, logging systems, screen sharing, screenshots, or shoulder surfing, directly exposing the WeChat account secret.

Missing User Warnings

High
Confidence: 99%
Finding
This section tells users to place sensitive AppSecret values directly into scripts and config files without discussing the security consequences. That creates an insecure operational pattern where long-lived credentials are easy to disclose and difficult to rotate, especially in shared workstations or agent environments.

Missing User Warnings

Medium
Confidence: 93%
Finding
The diagnostic script reads the stored AppSecret and prints part of it to the console, confirming secret presence and exposing a prefix that may still aid attackers or leak into terminal logs, support bundles, screenshots, and monitoring systems. More broadly, normalizing secret inspection in diagnostics encourages unsafe handling of sensitive data.

Missing User Warnings

Medium
Confidence: 91%
Finding
The guide instructs users to configure `app_secret`, which is a sensitive credential, but provides no guidance on secure storage, restricted access, log redaction, or secret rotation. In a skill that automates access to a WeChat public account, mishandling this secret could allow unauthorized API use, account abuse, content publication, or data exposure if the credential is leaked through config files, screenshots, shell history, or shared environments.

Missing User Warnings

Medium
Confidence: 97%
Finding
The documentation normalizes unsafe secret entry patterns by showing a real-looking AppSecret in CLI flags and config.json without warning users about shell history, terminal logging, or plaintext at-rest exposure. Even if the shown value is illustrative, users are likely to copy the pattern with production credentials.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill explicitly requires sensitive WeChat credentials (`app_id`, `app_secret`) and describes automatic publication to a third-party platform, but the documentation does not explain secure storage, least-privilege handling, redaction in logs, or the fact that generated content and metadata will be transmitted to WeChat APIs. This creates a real security risk because users may paste production secrets into an untrusted skill without understanding exposure, retention, or network transmission implications.

Ssd 3

High
Confidence: 97%
Finding
The guide exposes a realistic AppSecret in plaintext during setup examples, which is a sensitive credential-handling failure. In the context of a publishing skill that interfaces with a real WeChat public account, compromise of the AppSecret could allow unauthorized API access, content publishing actions, or misuse of the associated account.

Ssd 3

High
Confidence: 99%
Finding
The guide instructs users to run a config display command that reveals the full stored AppSecret, which directly increases the likelihood of credential leakage. Because this skill manages publication to a WeChat official account, exposed secrets can enable unauthorized access to account APIs and potentially tamper with drafts, publishing workflows, or related content operations.
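The findings above describe one weakness from several angles: the AppSecret arrives on the command line, sits in a plaintext config.json, and is printed back in full or as a prefix. The block below is an added example written for this page, not code from the skill or its author, showing the handling the overview recommends: read the secret from an environment variable or from a file the loader refuses unless it is mode 0600, never from argv, and display it only as a length plus a short hash fingerprint rather than any of its characters. The variable name WECHAT_APP_SECRET, the file path under ~/.wechat_publisher, the sample app_id and app_secret values, and all function names are assumptions of this example, not identifiers taken from the skill.

```python
"""Added example (not the skill's own code): safer supply and display of a
WeChat AppSecret than the CLI-flag / plaintext-config pattern in the findings.

Assumed names (this example's own, not the skill's): WECHAT_APP_SECRET,
~/.wechat_publisher/secret, and every function below.
"""
import hashlib
import os
import stat
import tempfile
from pathlib import Path

ENV_VAR = "WECHAT_APP_SECRET"                                         # assumed name
DEFAULT_SECRET_FILE = Path.home() / ".wechat_publisher" / "secret"    # assumed path
SAMPLE_SECRET = "0123456789abcdef0123456789abcdef"                    # constructed, not a real secret


class SecretError(RuntimeError):
    """Raised when no usable secret is available or its storage is unsafe."""


def check_private_file(path: Path) -> None:
    """Refuse a secret file that other local users could read.

    Any group/other bit set (mask 0o077) means a shared workstation account,
    a backup job or a support bundle can copy the secret; 0600 is expected.
    """
    mode = stat.S_IMODE(path.stat().st_mode)
    if mode & 0o077:
        raise SecretError(f"{path} is mode {mode:04o}; expected 0600")


def store_app_secret(secret: str, secret_file: Path = DEFAULT_SECRET_FILE) -> Path:
    """Write the secret to a file created owner-read/write only."""
    secret_file.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(secret_file, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(secret + "\n")
    os.chmod(secret_file, 0o600)  # tighten a pre-existing file with a looser mode
    return secret_file


def load_app_secret(env=None, secret_file: Path = DEFAULT_SECRET_FILE) -> str:
    """Return the AppSecret from the environment, else from a 0600 file.

    Nothing here reads sys.argv: a secret passed as a command-line flag lands
    in shell history and in `ps` output visible to every local user.
    """
    env = os.environ if env is None else env
    value = env.get(ENV_VAR, "").strip()
    if value:
        return value
    if secret_file.is_file():
        check_private_file(secret_file)
        value = secret_file.read_text(encoding="utf-8").strip()
        if value:
            return value
    raise SecretError(f"set {ENV_VAR} or store the AppSecret in {secret_file}")


def redact(secret: str) -> str:
    """Display form that confirms a secret is set without showing any of it.

    A truncated SHA-256 lets two hosts compare which secret they hold. This is
    only safe because an AppSecret is a long random value; never fingerprint a
    low-entropy secret such as a password, which could be brute-forced offline.
    """
    if not secret:
        return "<not set>"
    fp = hashlib.sha256(secret.encode("utf-8")).hexdigest()[:8]
    return f"<set, {len(secret)} chars, sha256:{fp}>"


def show_config(config: dict) -> dict:
    """Copy of a config dict that is safe to print: secret-like keys are redacted."""
    out = {}
    for key, value in config.items():
        if any(tag in key.lower() for tag in ("secret", "token", "password")):
            out[key] = redact(str(value))
        else:
            out[key] = value
    return out


def demo_round_trip() -> dict:
    """Store, load back, and confirm a world-readable copy is rejected (temp dir)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = Path(tmp) / "secret"
        store_app_secret(SAMPLE_SECRET, path)
        loaded = load_app_secret(env={}, secret_file=path)
        os.chmod(path, 0o644)  # simulate a careless copy or backup restore
        try:
            load_app_secret(env={}, secret_file=path)
            loose_rejected = False
        except SecretError:
            loose_rejected = True
    return {"loaded_ok": loaded == SAMPLE_SECRET,
            "loose_rejected": loose_rejected,
            "display": redact(loaded)}


if __name__ == "__main__":
    # Constructed sample config; both values are made up for this example.
    sample = {"app_id": "wx0000000000000000", "app_secret": SAMPLE_SECRET}
    print(show_config(sample))
    print(demo_round_trip())
```

Run stand-alone, the block prints the redacted config and the round-trip result; a "verify config" command built on `show_config` shows that a secret is configured, and which one, without the terminal, shell history or a screenshot ever containing the value.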

VirusTotal

66/66 vendors rated this skill clean (no detections).
