wechat-tool
Security checks across malware telemetry and agentic risk
Overview
This WeChat messaging skill does what it says, but it sends a powerful account token and message data through a plain HTTP service endpoint.
Review before installing. Only use this skill if you trust synodeai.com with your WeChat token, contacts, message text, and shared file links, and prefer not to use it with a real account unless the provider supports HTTPS for the actual API calls. Use a revocable token if available and verify every recipient and message before confirming sends.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
64/64 vendors flagged this skill as clean.