wechat-article-explainer

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WeChat article reader that uses normal network fetching for its stated purpose, with some scoping and privacy caveats to understand before use.

Use this only with intended mp.weixin.qq.com article links and avoid giving it private or internal URLs. Prefer running it in a virtual environment, keep dependencies current, and be cautious with the optional --output path because it can overwrite files the process can access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch
Severity: Medium | Confidence: 98%

Finding
The tool is described as handling WeChat article URLs, but it passes any user-supplied URL directly into requests.get() or Playwright page.goto() without validating that the host is mp.weixin.qq.com. In an agent environment, this becomes a generic URL fetch primitive that can be abused for SSRF-like access to internal services or unintended outbound requests, which is more dangerous than the stated skill purpose suggests.

Context-Inappropriate Capability
Severity: Low | Confidence: 86%

Finding
The --output option allows writing results to an arbitrary filesystem path, which is broader capability than needed for simply reading and explaining an article. In a larger agent or automation context, if an attacker can influence that argument, it could overwrite files accessible to the process, cause data clobbering, or place content in sensitive locations.

Missing User Warnings
Severity: Low | Confidence: 84%

Finding
The README states that the skill will automatically fetch WeChat article content from a user-provided URL, but it does not clearly warn users that invoking the skill causes outbound network requests and transmits the supplied link to external services. In an agent setting, this can surprise users, leak sensitive or internal URLs, and create unintended data-handling or privacy issues even if the feature is functionally expected.

VirusTotal

66/66 vendors flagged this skill as clean.