Security audit

微信公众号发布器 (WeChat Official Account Publisher)

Security checks across malware telemetry and agentic risk

Overview

This skill is for WeChat public-account publishing, but it grants ongoing posting authority and stores sensitive credentials without enough safeguards or clear approval controls.

Review before installing. Only use this skill if you are comfortable giving it WeChat public-account publishing credentials. Keep AppSecret out of source control, restrict access to the config file, rotate the secret if exposed, and require manual preview and approval before enabling scheduled or live publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence: 92%
Finding
The skill advertises very broad activation triggers such as general WeChat publishing, account configuration, hot topics, and operations keywords, which can cause it to activate during ordinary discussion rather than a clear user request to publish or manage a public account. In this context, overbroad invocation is risky because the skill can access stored public-account credentials and perform sensitive actions like generating and publishing content, increasing the chance of unintended execution or privilege misuse.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill documentation describes storing AppID/AppSecret in a user config file and supports automatic scheduled publishing, but it does not prominently warn users that sensitive credentials are persisted locally and may be used to publish content without a fresh per-action approval. This lack of disclosure is dangerous because users may enable the skill without understanding the security and operational consequences, leading to account compromise impact, accidental posting, or misuse of publication authority.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.