
Security audit

wechat-new-tool

Security checks across malware telemetry and agentic risk

Overview

This WeChat messaging bridge matches its stated purpose, but it needs review because it can send messages through an unauthenticated local service using bundled credentials and an external HTTP gateway.

Install only if you trust the SynodeAI/WeChat gateway and understand that message text, recipient data, media URLs, file URLs, and credentials may be sent to that service. Restrict the service to trusted local access, rotate or replace the bundled token, prefer HTTPS, and require a real server-side confirmation or allowlist before using it to send messages.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
93% confidence
Finding
This service exposes contact lookup and outbound WeChat messaging capabilities through unauthenticated HTTP endpoints, but the file provides no access control, purpose limitation, or abuse-prevention logic. In this context, the "unknown purpose" is not just a documentation issue: the code enables arbitrary message delivery to friends/groups, which can be repurposed for spam, impersonation, phishing, or unauthorized data exfiltration.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill explicitly supports sending text, images, and files through backend endpoints, but it does not disclose that user-provided content and media URLs will be transmitted to an external service. This creates a meaningful privacy and data-handling risk because users may unknowingly cause sensitive content to be forwarded off-platform or to unintended recipients.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The /wechat/confirm_send endpoint directly sends attacker-controlled content to an external messaging API without any server-side confirmation, authentication, or validation. Although /wechat/dispatch returns a "confirm" status, the actual send endpoint trusts raw client input and can be called independently, making unauthorized message sending trivial if the service is reachable.

Unpinned Dependencies

Low
Category
Supply Chain
Content
"name": "wechat-ai-bridge",
  "version": "1.0.0",
  "dependencies": {
    "axios": "^1.6.0",
    "express": "^4.18.0"
  },
  "scripts": {
Confidence
96% confidence
Finding
"axios": "^1.6.0"

Unpinned Dependencies

Low
Category
Supply Chain
Content
"version": "1.0.0",
  "dependencies": {
    "axios": "^1.6.0",
    "express": "^4.18.0"
  },
  "scripts": {
    "start": "node wechat_bridge.js"
Confidence
96% confidence
Finding
"express": "^4.18.0"

Known Vulnerable Dependency: axios==1.6.0 — 10 advisory(ies): CVE-2025-62718 (Axios has a NO_PROXY Hostname Normalization Bypass that Leads to SSRF); CVE-2026-42044 (Axios: Invisible JSON Response Tampering via Prototype Pollution Gadget in `pars); CVE-2026-25639 (Axios is Vulnerable to Denial of Service via __proto__ Key in mergeConfig) +7 more

High
Category
Supply Chain
Confidence
99% confidence
Finding
axios==1.6.0

Known Vulnerable Dependency: express==4.18.0 — 2 advisory(ies): CVE-2024-43796 (express vulnerable to XSS via response.redirect()); CVE-2024-29041 (Express.js Open Redirect in malformed URLs)

Low
Category
Supply Chain
Confidence
98% confidence
Finding
express==4.18.0

VirusTotal

60/60 vendors flagged this skill as clean.
