Back to skill

Security audit

WeChat Messenger

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims, but it can immediately send real WeChat messages from the user's logged-in account using mouse, keyboard, and clipboard automation without a confirmation step.

Install only if you are comfortable letting the skill take over WeChat focus and send messages immediately from your account. Verify the target contact first, avoid using the computer while it runs, and consider adding a confirmation or dry-run step before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill describes GUI automation that activates the WeChat window, moves the cursor, injects keyboard input, and sends a live message, but it does not clearly warn users that it will take control of mouse/keyboard focus and transmit content immediately. This can cause unintended message delivery, interference with user activity, or accidental disclosure if the wrong chat is focused or the desktop state differs from expectations.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script sends WeChat messages directly by focusing the WeChat window, populating the clipboard, simulating keyboard input, and pressing Enter with no user confirmation, preview, or recipient verification step. This is dangerous because any caller that can invoke the script controls both recipient and message, enabling accidental or unauthorized outbound messaging, misdelivery to the wrong chat, and abuse for spam or social-engineering from the user's account.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.