wechat-article-writer

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WeChat article-writing assistant, but it can read and save local writing-style notes and may use web or media tools during the workflow.

Install only if you are comfortable with the assistant reading writing samples you place in my-articles and saving summaries in my-style.md and creation-log.md. Avoid putting confidential drafts there, review or delete those local files when needed, and skip web research or automatic media generation for sensitive topics.

SkillSpector

By NVIDIA

Vulnerability Patterns

  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access

Findings (13)

Intent-Code Divergence

Severity: High | Confidence: 96%
Finding: The skill claims that all analysis remains local and that user content never leaves the device, yet Phase 2 explicitly requires market research via web search. That mismatch can mislead users into sharing sensitive drafts, notes, or style materials under a false privacy assurance, resulting in unintended network disclosure.

Vague Triggers

Severity: Medium | Confidence: 89%
Finding: Overly broad triggers such as generic article-writing phrases can cause the skill to activate for unrelated requests. In this skill, unintended invocation matters because activation may lead to persistent logging, style-file access, or workflow steering that the user did not intend.

Vague Triggers

Severity: Medium | Confidence: 90%
Finding: These Chinese triggers are common writing-help phrases and are insufficiently scoped to the WeChat/public-account domain. Because the skill includes storage, style-learning, and workflow control behaviors, accidental activation can expose user content to the wrong tool context and create unnecessary data handling.

Vague Triggers

Severity: Medium | Confidence: 91%
Finding: Ambiguous triggers for review, polishing, and writing assistance overlap with ordinary editing requests. In context, that can route unrelated user text into a skill that reads/writes persistent logs and may consult personal corpora, increasing the chance of unintended data retention or capability misuse.

Missing User Warnings

Severity: High | Confidence: 97%
Finding: The skill presents a strong privacy guarantee while also instructing online market research, without warning users about potential network access. This creates a trust and consent failure: users may provide confidential materials believing processing is local-only when the workflow contemplates external retrieval.

Missing User Warnings

Severity: Medium | Confidence: 91%
Finding: The file states that the AI will automatically analyze the user's personal articles under `my-articles/` and populate this style profile, but it does not clearly warn that private user content will be read and that this file may be modified as a result. In a writing-assistant skill that handles personal drafts and style libraries, silent ingestion and persistence of user-authored content creates a meaningful privacy and consent risk, especially if users do not expect automatic analysis or storage of derived personal writing traits.

Vague Triggers

Severity: Medium | Confidence: 90%
Finding: The trigger list includes broad phrases such as “写文章”, “article writing”, and “writing assistant”, which are common user utterances not uniquely tied to this skill’s WeChat-specific comparison workflow. This can cause accidental invocation in unrelated contexts, leading the agent to take over conversations unexpectedly, gather unnecessary user content, or route users into the wrong workflow.

Natural-Language Policy Violations

Severity: Medium | Confidence: 95%
Finding: The template hard-codes Chinese-language system behavior and mandated dialogue phrases without offering a user-language preference or opt-in. This can override user intent, reduce accessibility, and cause the assistant to respond in an unintended language, which is a real security/quality boundary issue for agent behavior even though it is not directly code-execution related.

Vague Triggers

Severity: Medium | Confidence: 90%
Finding: The natural-language triggers for material-library management are broad and overlap with ordinary writing conversation, which can cause unintended state-changing actions such as modifying `my-style.md` or listing/searching personal articles. In this skill, that matters because the feature operates on local personal content and is available "at any time," so ambiguous routing can lead to privacy exposure or unauthorized file updates without clear user intent.

Missing User Warnings

Severity: Medium | Confidence: 92%
Finding: The guide instructs the agent to automatically generate and update `my-style.md` but does not clearly disclose, at the point of action, that this writes a local file and persists derived profile data. This creates a consent and transparency problem: users may believe the agent is only analyzing text transiently, while it is actually storing a lasting style profile that can affect later outputs.

Ssd 3

Severity: Medium | Confidence: 93%
Finding: The skill requires creation and continual updating of a persistent creation-log.md containing user preferences, discussion conclusions, and workflow state. Persistent natural-language logs increase the risk of retaining sensitive user content longer than necessary and of later leakage through file access, reuse, or accidental inclusion in outputs.

Ssd 3

Severity: Medium | Confidence: 94%
Finding: The style-learning workflow instructs the system to ingest the user's article corpus and reuse it to shape future outputs. If those materials contain private or proprietary information, the skill may surface or echo them in later generations, creating an unintended disclosure path.

Ssd 3

Severity: Medium | Confidence: 92%
Finding: Encouraging users to place manually edited final documents into a corpus for future learning extends data retention and broadens the set of personal content reused by the skill. That raises the chance that sensitive edits, names, business details, or unpublished material are later reflected back unintentionally.

VirusTotal

65/65 vendors flagged this skill as clean.