WeChat Article Collector

Security checks across malware telemetry and agentic risk

Overview

This is a useful article backup skill, but it needs Review because it can drive a logged-in browser session, scrape arbitrary sites, and contains an unsafe shell invocation reachable through user-provided input.

Install only if you trust the publisher and are comfortable granting automation access to a logged-in Chrome session. Use a dedicated browser profile with only the intended account logged in, avoid untrusted URLs or selector files, review the save directory, and do not enable cron scheduling unless you have retention and monitoring in place. The shell=True URL handling should be fixed before broad use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (12)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
time.sleep({profile["wait_after_load"]})
print("OK")
'''
        result = subprocess.run(
            f"printf '{navigate_code}' | browser-harness",
            shell=True,
            capture_output=True,
Confidence
98% confidence
Finding
result = subprocess.run( f"printf '{navigate_code}' | browser-harness", shell=True, capture_output=True, text=True, timeout=15

subprocess module call

Medium
Category
Dangerous Code Execution
Content
try:
        with open(tmp_path, "r") as f:
            result = subprocess.run(
                ["browser-harness"],
                stdin=f,
                capture_output=True,
Confidence
89% confidence
Finding
result = subprocess.run( ["browser-harness"], stdin=f, capture_output=True, text=True, timeout=timeout

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The documentation expands the skill from WeChat article collection into generalized social-media scraping, account management, form submission, monitoring, and business-data export. Even without embedded code in this file, this materially increases risk by normalizing use of the same browser-connected automation against logged-in services that may expose private, regulated, or business-sensitive data.

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documentation materially broadens the skill from a WeChat-official-account backup tool into a generic arbitrary-site scraper, including user-supplied selectors and URLs. That scope expansion is dangerous because users and downstream agents may apply the skill to unintended targets, including authenticated sites, creating privacy, policy, and account-data exposure risks beyond the declared purpose.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
The guide explicitly advertises collection from arbitrary websites, including custom logged-in sites, while the skill metadata frames the tool as a WeChat-content backup utility. This mismatch increases the chance of misuse for broad authenticated scraping with a reused browser session, which can expose sensitive account data or enable collection from services the user did not intend to grant access to.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The document explicitly promotes connecting to a browser session already logged into the WeChat official account backend and bulk-downloading article content into a local knowledge base, but it does not warn about the sensitivity of account-scoped data access or the persistence of harvested content on disk. In this skill context, that omission is meaningful because users may run it against privileged publisher accounts and unintentionally create local copies of potentially sensitive or regulated content without understanding the security and privacy implications.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The cron example enables unattended recurring access to the logged-in account and continuous local storage of downloaded content, yet it provides no warning that this behavior will persist over time. In this context, scheduled automation increases risk because repeated collection can silently expand the local data footprint and continue operating after the user forgets it was enabled.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The README explicitly promotes bulk collection, full-text download, and storage into a local knowledge base, but it does not clearly disclose that the tool persists potentially sensitive account-associated content and metadata on disk. In a browser-attached automation context, users may underestimate the privacy and data-retention implications, increasing the risk of unintended local exposure, backup propagation, or later misuse of archived content.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The cron example enables unattended recurring scraping and local writes without any warning that the job will continue accessing the logged-in WeChat backend and accumulate data over time. In this skill's context, automation against an authenticated browser session makes the omission more dangerous because users may unknowingly create persistent, ongoing collection of account content with little visibility.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The top-level description emphasizes convenience but does not clearly warn that the skill will bulk-download account-linked content from a logged-in WeChat backend and persist it to local storage. Users may underestimate the privacy, copyright, storage, and endpoint-sensitivity implications of running it, especially because it relies on an active authenticated browser session.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The cron example encourages unattended recurring execution against a logged-in browser-backed account without warning that each run will revisit the authenticated service and write additional data to disk. This can lead to unnoticed continuous collection, excessive accumulation of local content, or repeated access using stale but still-valid authenticated sessions.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The usage guide instructs users to collect from logged-in sites by reusing an existing Browser Harness session but provides no privacy or account-access warning. In this context, the skill can act with the full authority of the user's authenticated browser state, so an overly broad or mistaken target could expose private articles, account metadata, or other accessible content.

VirusTotal

67/67 vendors flagged this skill as clean.
