WeChat Smart Chat (MBTI Edition)

Security checks across malware telemetry and agentic risk

Overview

This skill’s WeChat automation purpose is clear, but it handles private chats, external AI/translation services, clipboard data, and automatic sending with weak disclosure and controls.

Install only if you are comfortable with the tool reading WeChat chat windows, using the clipboard, sending message text to configured AI and translation APIs, and potentially sending replies automatically. Prefer using it only with non-sensitive chats, verify all endpoint URLs and API keys yourself, disable or avoid auto-send unless you review replies first, and do not use it where other chat participants have not consented to third-party processing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tainted flow: 'url' from os.environ.get (line 245, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
            "stream": stream
        }

        response = requests.post(
            url,
            headers=self.headers,
            json=payload,
Confidence
96% confidence
Finding
response = requests.post(
    url,
    headers=self.headers,
    json=payload,
    stream=False,  # fetch the complete response
    timeout=60
)

Tainted flow: 'url' from os.environ.get (line 245, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
        # Send request
        url = self.endpoint + self.path
        r = requests.post(url, params=payload, headers=headers)
        result = r.json()

        # check whether the response contains an error
Confidence
98% confidence
Finding
r = requests.post(url, params=payload, headers=headers)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The changelog explicitly advertises automatic WeChat window monitoring, message detection, and automatic response sending, but it provides no warning about the privacy, consent, and system-interaction risks of monitoring chat content and injecting replies into another application. In this context, that omission is security-relevant because users may deploy the skill without understanding that it can read sensitive messages, manipulate the UI, and send unintended content on their behalf.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly advertises automatic monitoring of WeChat chats, translation of message content, LLM-based reply generation, and automatic sending, but it does not clearly warn users that chat content may be transmitted to external AI and translation services. In this context, users could unknowingly expose private conversations or business data to third-party APIs, making the omission a real privacy and consent risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is designed to monitor WeChat conversations automatically and send extracted chat content to external LLM/translation services, yet the documentation does not prominently warn users about privacy, consent, or third-party data transmission. In this context, the risk is elevated because private chat messages may contain sensitive personal or business information and are processed without clear notice or recipient consent.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The documentation mentions clipboard access only as an operational requirement, but does not clearly warn that both captured chat messages and generated replies may pass through the system clipboard. Clipboard contents can be read by other local applications or overwritten unexpectedly, creating confidentiality and integrity risks for sensitive conversations.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The manifest describes automatic monitoring of a WeChat chat window, translation, and intelligent reply behavior without any explicit activation boundary, consent requirement, or scope limitation. In this context, that creates a real privacy and misuse risk because chat content may be continuously captured and sent to external services without clear user awareness or per-conversation authorization.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The script copies chat text from the WeChat UI and submits it to external LLM and translation services without a contemporaneous warning or explicit informed consent. In this context, the data source is private messaging content, so silent transmission to third parties creates a significant privacy and confidentiality risk.

Missing User Warnings

Medium
Confidence
99% confidence
Finding
The code reads API credentials from user input and then prints them back to the console in full. This exposes secrets to shoulder surfing, terminal logging, shell history capture, screen recording, and other local disclosure channels.

External Transmission

Medium
Category
Data Exfiltration
Content
"QWEN_BASE_URL": {
      "description": "Qwen 模型 API 基础地址",
      "required": true,
      "example": "https://api.example.com/v1"
    },
    "QWEN_API_KEY": {
      "description": "Qwen 模型 API 密钥",
Confidence
83% confidence
Finding
https://api.example.com/

VirusTotal

VirusTotal findings are pending for this skill version.
