微信生态全能管家 (WeChat Ecosystem All-in-One Manager)

Security checks across malware telemetry and agentic risk

Overview

This WeChat automation skill is broadly purpose-aligned, but it asks for authority over publishing, customer messaging, payments, refunds, and customer data without enough clear controls.

Install only if you are prepared to keep this skill under close manual control. Before using it, require explicit account selection, preview and confirmation for every post/message/refund/payment action, least-privilege credentials, and independent review of any customer data or financial workflow.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 91%
Finding
The skill advertises broad cross-domain authority over public accounts, mini-programs, enterprise WeChat, payments, and social publishing, but does not define clear activation boundaries, required confirmations, or task scoping. In an agent setting, ambiguous scope increases the risk that the assistant will perform or suggest high-impact actions in the wrong context, especially for publishing, customer messaging, or payment-related workflows.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill includes automated publishing, template messaging, auto-replies, and refund handling, all of which can affect external systems, customers, or financial records, yet the description lacks concrete user-facing safeguards beyond a brief generic statement at the end. In this context, insufficient warnings and approval gates are dangerous because mistaken or overbroad automation could trigger unauthorized communications, reputational damage, privacy issues, or improper financial actions.

VirusTotal

64/64 vendors flagged this skill as clean.
