Back to skill

Security audit

WeChat RSS

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it fetches WeChat RSS articles from wcrss.com using a user-provided API key and caches the results locally.

Install only if you are comfortable using a wcrss.com API key from your environment. The skill will contact api.wcrss.com, cache returned article and publisher data locally, and pass article HTML to the assistant for summarization; clear the cache if that content should not remain on disk.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to execute a Python script that reads an API key from the environment, performs network requests to a third-party service, and uses local caching, yet the skill does not declare permissions for those capabilities. This weakens user awareness and policy enforcement because sensitive actions such as external data transfer and local file access can occur without explicit disclosure or consent boundaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says the skill reads `WCRSS_API_KEY` and calls wcrss.com, but it does not clearly warn users that their requests and configured credential will be sent to a third-party service. This is a transparency and privacy issue: users may invoke the skill without realizing an external provider receives their activity and an authentication secret is used on their behalf.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.