WeChat Official Account AI end-to-end operations (master controller)

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly disclosed WeChat article workflow orchestrator; it uses sensitive credentials for its expected publishing and AI-provider integrations.

Install only if you are comfortable storing WeChat and model-provider credentials for this workflow. Keep aws.env out of version control, restrict access to the repo, prefer least-privilege credentials where possible, and review the separate publishing subskill before allowing it to post or publish content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 88%

Finding
The document instructs users to store API keys and WeChat AppID/AppSecret values in a repository-root `aws.env` file, but provides no warning about secret handling, exclusion from version control, or access restrictions. In a content-publishing skill that automates external services, this increases the chance of credential leakage through commits, backups, logs, or unsafe sharing, which could enable account takeover or abuse of paid APIs.

VirusTotal

65/65 vendors flagged this skill as clean.
