WeChat Article Extractor

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its WeChat article extraction purpose, but it needs review because it can execute JavaScript taken from fetched or supplied article HTML and includes an under-documented helper with hard-coded local file paths.

Install only if you trust the publisher and can run it in a constrained environment. Avoid feeding it untrusted HTML or sensitive/private article links until dynamic JavaScript evaluation is removed or sandboxed, hostname validation is tightened, dependencies are updated, and convert.js is removed or changed to use explicit user-provided paths.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Low
Confidence: 82%
Finding
The skill is network-oriented and may fetch remote content from user-supplied URLs or process provided HTML tied to external sources, but the documentation does not clearly warn users about outbound requests and related privacy implications. In agent settings, lack of transparency about network access can lead users to expose sensitive URLs, tokens in query strings, or private article content without informed consent.

Known Vulnerable Dependency: qs==6.15.0 — 1 advisory(ies): CVE-2026-8723 (qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/u)

Low
Category: Supply Chain
Confidence: 97%
Finding
qs==6.15.0

VirusTotal

65/65 vendors flagged this skill as clean.
