Back to skill

Security audit

微信公众号自定义主题应用工具

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WeChat draft publishing workflow that uses user-provided files and credentials, with no hidden code or automatic execution shown.

Before installing, verify the wenyan-cli package source, keep WECHAT_APP_ID and WECHAT_APP_SECRET out of logs and shared files, and require the agent to show the Markdown path, CSS path, render result, and target account context before running the publish command.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs an agent to publish Markdown content to WeChat drafts, which transmits article contents to an external third-party service, but it provides no user-facing warning, consent checkpoint, or data-handling notice. This is dangerous because an agent may upload sensitive, unpublished, or proprietary content without the user clearly understanding that data is leaving the local environment.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill requires `WECHAT_APP_ID` and `WECHAT_APP_SECRET` environment variables but does not include guidance on secure credential handling, storage, scope, or disclosure risks. This can lead agents or users to expose secrets in logs, shell history, screenshots, shared environments, or unsafe automation contexts, increasing the chance of account compromise.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.