Aws Wechat Article Review

Security checks across malware telemetry and agentic risk

Overview

This WeChat article review skill is mostly purpose-aligned, but users should review it because it under-discloses file-changing and cross-skill Python execution behavior.

Install only if you expect a WeChat article workflow that may edit drafts and create final article files. Before using Step 5, verify the sibling writing skill and its write.py script, keep backups of draft.md and article.md, and require explicit confirmation before file overwrites or command execution.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger list includes very generic phrases such as '审稿', '审核', '校对', and '文章检查一下', which are common everyday requests and can cause the skill to activate outside the intended WeChat article workflow. Unintended invocation can route unrelated user content into this skill's file-processing workflow, increasing the chance of inappropriate actions, confusion, or unsafe handling of local repository files.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal