Wechat Sender

Security checks across malware telemetry and agentic risk

Overview

This skill is a real WeChat automation helper, but it can send messages immediately and its “file sending” path actually sends the local file path as text.

Install only if you are comfortable with an agent controlling your desktop WeChat session. Use --no-send for sensitive content, verify the selected contact before sending, avoid the --file mode unless you intend to send the local path as text, and avoid running it where terminal output is logged.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Intent-Code Divergence

Medium
Confidence: 95%
Finding
The function named and advertised as file sending does not transmit a file; it types the local file path into the active chat window as plain text. This can leak sensitive filesystem paths, usernames, project names, or confidential directory structure to the recipient, while misleading the operator into believing a file was safely sent.

Vague Triggers

Medium
Confidence: 88%
Finding
The trigger phrases are broad natural-language requests such as '发微信' and '发消息给 XXX', which can cause the skill to activate on ambiguous user intent without strong confirmation. In this skill's context, activation leads to GUI automation that can send messages or files through WeChat, so an accidental trigger can cause unintended outbound communication or data disclosure.

Missing User Warnings

Medium
Confidence: 92%
Finding
This script performs GUI automation to open WeChat, select a contact, type content, and press Enter without any final user confirmation. Because GUI focus can change or contact selection can be wrong, a message or file path may be sent to the wrong recipient immediately, causing unintended disclosure or unauthorized communication.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script prints recipient names, message content, and file paths directly to stdout, which may be captured in terminal history, logs, CI output, remote shells, or screen recordings. This creates an unnecessary secondary disclosure channel for private communications and local path information.

VirusTotal

67/67 vendors flagged this skill as clean.
