Uni App Wechat Cicd

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeChat Mini Program CI/CD helper, but it needs careful credential and release controls before use.

Install only if you intend to automate WeChat Mini Program publishing. Store the private key only in CI secrets, never commit it or upload it as an artifact, restrict workflows to protected branches, require manual approval for review/release modes, and delete generated key files after each job.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill clearly documents shell execution and environment-variable usage for building and publishing a mini program, but it does not declare corresponding permissions. That mismatch can prevent proper policy enforcement and informed user consent, making it easier for an agent to perform build/deploy actions with broader capability than the metadata suggests.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The README explicitly promotes automated build, upload, and release workflows to GitHub Actions, GitLab CI, Jenkins, and WeChat Mini Program publishing, but it does not clearly warn that these steps can transmit code and trigger external publication actions. In a CI/CD skill, missing disclosure increases the chance that a user will run automation that uploads proprietary code or performs unintended releases without understanding the consequences.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill automates code upload and experience-version publication to WeChat, which are real external side effects, but it does not require an explicit warning or confirmation before deployment. In an agent setting, this increases the risk of unintended releases, accidental overwrites, or publishing unreviewed code to an external platform.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes sensitive private key material from an environment variable to a filesystem path and does not set restrictive permissions, warn about persistence, or remove the file afterward. In a CI/CD context, this can leave long-lived signing credentials on shared runners, build workspaces, caches, or artifacts, increasing the risk of credential disclosure and unauthorized mini-program uploads/releases.

VirusTotal

64/64 vendors flagged this skill as clean.
