Back to skill

Security audit

Wechat Db Decrypt

Security checks across malware telemetry and agentic risk

Overview

This skill is review-worthy because it teaches decryption and mining of private WeChat messages, including lead gathering and ongoing monitoring, with weak consent and data-handling boundaries.

Only install this for data you own or are explicitly authorized to process. Avoid using it for group, customer, competitor, or third-party chat mining; do not run unverified decryptor executables against live WeChat sessions; and avoid storing extracted chat content or derived analysis in persistent memory unless you have clear consent, retention limits, and deletion controls.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The skill claims lawful/personal-use limits, but its stated use cases include competitive intelligence and customer mining from chat data, which directly incentivizes analysis of other people's private communications. This contradiction makes the safety note ineffective and increases the likelihood of misuse for privacy invasion or unauthorized surveillance.

Intent-Code Divergence

Medium
Confidence
97% confidence
Finding
The document explicitly states its source is a decrypted WeChat database and turns that private communications data into actionable lead intelligence. This normalizes unauthorized access, analysis, and downstream use of sensitive chat content, creating clear privacy, legal, and potential surveillance harms.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
From the outset, the skill presents WeChat database decryption and message extraction as a normal workflow without clearly warning that it exposes highly sensitive communications, contact lists, and metadata. This omission lowers the barrier to privacy-invasive use and may lead users to access regulated or third-party data without informed consent or legal authority.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill provides operational instructions for automatically locating a running WeChat process, extracting keys, patching tooling, and scanning memory for candidate secrets. These are credential/key-access techniques that can undermine application protections and be repurposed for unauthorized decryption of private databases.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The file describes analyzing decrypted WeChat messages to identify clients and privately contact them, but provides no privacy, consent, or sensitive-data handling safeguards. In this context, the omission is dangerous because the workflow itself encourages misuse of non-public communications for profiling and solicitation.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The recommendation to import results into MEMORY.md and build automation to monitor decrypted messages escalates the risk from one-time misuse to persistent collection, retention, and surveillance. Automating extraction and lead-pushing from decrypted chats increases scale, durability, and likelihood of privacy violations or abusive monitoring.

Missing User Warnings

High
Confidence
97% confidence
Finding
The script searches decrypted WeChat databases and then prints and writes matched message content to a plaintext log file and JSON file without any consent check, warning, minimization, or access control. Because message bodies may contain private conversations, business data, credentials, or other sensitive content, this creates a clear confidentiality risk and makes exfiltration or unauthorized local disclosure easier.

Ssd 3

High
Confidence
99% confidence
Finding
This section explicitly instructs users to extract, filter, and export message contents from decrypted chat databases for analysis. That materially enables bulk access to private communications and creates a straightforward path to exfiltration, profiling, or misuse of sensitive personal and business information.

Ssd 3

High
Confidence
99% confidence
Finding
The listed use cases explicitly frame the tool for opponent intelligence, customer lead mining, and extracting value from group chat data, which strongly suggests surveillance or commercial exploitation of others' communications. In context, this makes the surrounding decryption and message-search capabilities substantially more dangerous because the documentation couples invasive access with misuse-oriented objectives.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.