ClawHub

微信公众号文章导出

Security checks across malware telemetry and agentic risk

Overview

This skill clearly downloads a user-provided WeChat article and saves it as a Markdown file, with no evidence of hidden collection, credential use, or destructive behavior.

Install this if you want WeChat public articles exported to Markdown. Use an intended output directory, avoid running it on ambiguous requests, and review the saved Markdown as untrusted web-derived content before reusing it as notes or agent context.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Rogue AgentSelf-Modification, Session Persistence
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill performs network access and writes files, but does not declare permissions or otherwise signal these capabilities for policy enforcement or user review. In an agent environment, hidden capability use increases the risk of unexpected external requests and persistent filesystem changes, especially when the skill is auto-triggered.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger conditions include broad everyday phrases such as references to downloading or saving WeChat articles, which can cause the skill to activate on loosely related requests. Because the skill then performs network fetches and file writes, over-broad activation can lead to unintended remote access and data being stored without clear user intent.

Vague Triggers

Low
Confidence
79% confidence
Finding
The example prompts are phrased broadly and do not always require a precise WeChat public-article export intent, which reinforces over-triggering behavior. In this skill's context, the consequence is unnecessary but real: accidental invocation may fetch external content and create files in the workspace.

Session Persistence

Medium
Category
Rogue Agent
Content
```bash
# 如需要则创建输出目录
mkdir -p "$OUTPUT_DIR"

# 运行导出脚本
python3 ~/.npm-global/lib/node_modules/openclaw/skills/WeChat-article-reader/scripts/export.py "$URL" "$OUTPUT_DIR"
Confidence
72% confidence
Finding
mkdir -p "$OUTPUT_DIR" # 运行导出脚本 python3 ~/.npm-global/lib/node_modules/openclaw/skills/WeChat-article-reader/scripts/export.py "$URL" "$OUTPUT_DIR" ``` ### 步骤 4:报告结果 告知用户: - 成功或失败状态 - 输出文件路径 - 文章标题

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal