Security audit

Wechat Article To Markdown

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it fetches WeChat articles, converts them to Markdown, and saves optional local images, with no evidence of credential theft, hidden exfiltration, or destructive behavior.

Install only if you want a tool that fetches public WeChat articles and saves converted Markdown locally. Expect network access to WeChat and image CDN URLs, local output files under the selected directory, and image downloads unless --no-images is used. Run it on URLs you trust and use an isolated output folder if you do not want article media retained in a sensitive workspace.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (4)

Description-Behavior Mismatch

Medium

Confidence: 82% confidence
Finding: The skill's default behavior goes beyond pure conversion by downloading remote images and writing both images and Markdown files to local storage automatically. In an agent context, this creates side effects and persistent artifacts without an explicit user confirmation step, which increases risk of unwanted disk writes, storage abuse, and handling of untrusted remote content.

Context-Inappropriate Capability

Medium

Confidence: 79% confidence
Finding: The code launches a persistent Playwright browser context with numerous automation-evasion flags that are broader than necessary for simple article extraction. In an agent skill, this expands attack surface and can facilitate stealthier browsing behavior against third-party sites, which is risky when processing untrusted URLs.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The workflow and examples normalize saving converted articles and downloading images locally, but the skill description does not prominently warn users that running it may create directories, write Markdown files, and persist remote media. This can mislead users about side effects, causing unexpected local storage use, data retention, or writes in sensitive environments.

Missing User Warnings

Low

Confidence: 76% confidence
Finding: The tool writes Markdown output to disk automatically, which creates local side effects from remote content without an explicit confirmation checkpoint. In an agent environment, silent file creation can surprise users, clutter storage, or persist untrusted content in sensitive working directories.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal