ClawHub

wechat-public-cli

Security checks across malware telemetry and agentic risk

Overview

The skill is purpose-aligned, but it deserves review because it handles live account secrets and documents direct publish and send-all actions without clear safety controls.

Install only if you trust the external npm/GitHub CLI with your WeChat and Baijiahao accounts. Keep `wechat-public.config.json` out of source control and shared folders, prefer environment variables or a secret store, restrict local file permissions, and require an explicit human confirmation before running publish or send-all commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill instructs users to place highly sensitive credentials and session artifacts such as app secrets, cookies, and tokens into a local JSON config and environment variables, but provides no warning about secret handling, storage permissions, shell history exposure, or avoiding source control commits. Because these credentials can enable publishing, downloading, and account access against external platforms, accidental leakage could lead to account compromise or unauthorized content operations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The documented commands include draft creation, direct publish, and `sendall` operations that affect real public-facing content and followers, but the skill gives no warning that these actions are externally visible and potentially irreversible or high-impact. In an agent or automation context, unclear confirmation expectations increase the risk of accidental publication, spam-like mass messaging, brand damage, or policy violations.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal