Wechat Article Export

Security checks across malware telemetry and agentic risk

Overview

This skill exports a user-provided WeChat article to local files as advertised, but users should understand it makes outbound requests and uses browser anti-automation settings.

Install only if you are comfortable with the skill fetching WeChat article content, optionally downloading embedded images, and running a headless Chromium browser with anti-automation settings. Use `--no-images` when you do not want remote images downloaded, and choose an output directory where persistent article copies are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill metadata declares only Read and Write tools, but the documented behavior clearly requires outbound network access to fetch `mp.weixin.qq.com` content and optionally download remote images. This mismatch weakens transparency and policy enforcement because reviewers or runtimes may underestimate the skill's actual capabilities and data flow.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
The Playwright context is configured with multiple anti-detection measures that go beyond normal rendering for article export: disabling AutomationControlled, spoofing navigator.webdriver/plugins/languages, faking chrome objects and permissions, and altering page visibility. In a skill whose purpose is exporting public WeChat articles, this materially increases the ability to bypass site defenses and access content under conditions the site may be trying to block, which is risky even if not overtly credential-stealing malware.

Missing User Warnings

Low
Confidence
77% confidence
Finding
The skill does mention image downloading in examples, but it does not prominently warn in the main description that Markdown export may fetch remote images and write multiple files/directories to disk. This can surprise users and agents, leading to unintended network access, extra storage consumption, or writing unreviewed content into the workspace.

VirusTotal

65/65 vendors flagged this skill as clean.
