
Security audit

WeChat Official Account Article Production SOP (微信公众号文章生产SOP)

Security checks across malware telemetry and agentic risk

Overview

This skill largely matches its stated purpose of drafting WeChat Official Account articles, but it saves a live WeChat access token to a draft output file (draft.json) and relies on broad external-upload workflows (WeChat and Feishu) that users should review carefully.

Review the skill before installing if you use a real WeChat official account. Do not run the draft submission step with confidential or unapproved content, and remove or protect draft.json after use because this version stores the WeChat access token there. Confirm any Feishu document creation or WeChat upload explicitly before allowing the agent to proceed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 92%
Finding
The trigger phrase is extremely broad: it activates on common requests like writing or publishing an article, which can cause the skill to run without clear user intent for this specific workflow. Because the skill includes later steps that generate content, call external services, and ultimately submit a WeChat draft, accidental invocation increases the chance of unintended data handling or publication actions.

Missing User Warnings

Severity: Medium
Confidence: 89%
Finding
This skill is designed to interact with external platforms, including WeChat API, Feishu, and local tooling, and its workflow culminates in submitting a draft to a public-facing publishing platform. The documentation does not prominently warn that user-provided content, generated text, and related metadata may be transmitted to third parties or published, which creates privacy, confidentiality, and accidental-publication risk.

Missing User Warnings

Severity: Medium
Confidence: 99%
Finding
The script writes the live WeChat access token into draft.json on disk, creating unnecessary credential persistence. If that file is later committed, exposed through backups, read by other local users/processes, or collected by another tool, the token can be abused to act against the associated WeChat account until it expires.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The step instructs the agent to call `feishu_create_doc`, which would transmit the drafted article content to an external Feishu service, but it does not disclose that data transfer to the user or require explicit consent. This creates a privacy and data-handling risk because users may provide sensitive draft content, proprietary material, or personal information without realizing it will be sent to a third party.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The step instructs users to run a script that uploads article HTML and images to WeChat and stores draft metadata locally, but it does not clearly warn that unpublished content, embedded image references, and resulting identifiers will be transmitted to a third-party platform and persisted on disk. This can cause unintended disclosure of sensitive or embargoed content if users assume the action is only a local draft-preparation step.

VirusTotal

58/58 vendors reported no detections for this skill.


Static analysis

Detected: suspicious.env_credential_access
Severity: Critical
Location: scripts/submit-draft.js:15
Description: Environment variable access combined with network send.