ClawHub

Silas WeChat Article Search

Security checks across malware telemetry and agentic risk

Overview

This skill is for collecting WeChat articles, but it also describes recurring scraping and writing content into Feishu with limited user-control safeguards.

Install only if you intentionally want automated WeChat article collection and Feishu knowledge-base ingestion. Scope Feishu permissions narrowly, disable or review the hourly cron unless needed, confirm destinations before writes, and avoid using sensitive internal search terms with Sogou or Serper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill describes network access, local file writes, and downstream content insertion into external systems, yet it declares no permissions. This creates a transparency and governance gap: operators may approve or invoke the skill without realizing it can exfiltrate data to third parties or modify local and remote data stores.

Tp4

High
Category
MCP Tool Poisoning
Confidence
83% confidence
Finding
The documented behavior does not match the implemented/advertised workflow: the skill can parse arbitrary supplied WeChat URLs and save JSON locally, while core described search/fallback behaviors are absent. Behavior mismatch is dangerous because it undermines user consent and review, making it easier to hide capabilities such as direct fetching or data persistence that were not clearly disclosed.

Vague Triggers

Medium
Confidence
76% confidence
Finding
The skill is framed as a broad article search, parsing, scoring, and ingestion workflow without clear activation boundaries or user-approval conditions. Ambiguous scope increases the chance the agent invokes it in unintended contexts, leading to unnecessary scraping, third-party queries, or repository/document modifications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill instructs the agent to save content and images locally and create/update Feishu documents and indexes, but it does not present these as user-visible side effects requiring consent. Silent modification of local storage and enterprise knowledge bases can cause data integrity issues, unwanted publication, or compliance problems.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends search queries and article titles to external services such as Sogou and Serper without an explicit privacy warning or data-sharing disclosure. If user-provided topics, internal keywords, or sensitive article names are included, this can leak business intent or confidential research topics to third parties.

External Transmission

Medium
Category
Data Exfiltration
Content
### 源1:搜狗微信(主力,零依赖)
```bash
curl -s "https://weixin.sogou.com/weixin?type=2&query=关键词" \
  -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
```
用 Python 正则提取标题和链接,返回搜狗中间链接列表。
Confidence
80% confidence
Finding
curl -s "https://weixin.sogou.com/weixin?type=2&query=关键词" \ -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36" ``` 用 Python 正则提取标题和链接,返回搜狗中间链接列表。 ### 源2:新榜(补充) ```bash c

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal