ClawHub

wechat draft deleter

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built to delete WeChat public-account drafts, but it needs careful review because it uses account credentials for irreversible deletion and documents unsafe credential and no-confirm automation patterns.

Review before installing. Use only credentials for a WeChat account where draft deletion is intended, replace example secrets with placeholders, keep AppSecret out of scripts/logs/source control, verify every Media ID list, and avoid --force unless a separate approval or dry-run process exists.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation indicates capabilities to read environment variables, read files, access the network, and invoke shell-based installation, yet no explicit permissions are declared. This creates a trust and review gap: operators may install or run a skill without understanding that it will access secrets (AppID/AppSecret), local files, and external APIs, which increases the chance of unintended data exposure or overprivileged execution.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The README includes real-looking AppID and AppSecret values directly in an example shell script, which normalizes hardcoding credentials into scripts and logs. Even if these are demo values, users may copy the pattern into production workflows, causing secret exposure through shell history, repositories, CI logs, or shared automation files.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal