WeChat Article Extractor

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-aligned for extracting WeChat articles, but it asks for broad local command and optional browser access that users should review carefully before installing.

Install only if you are comfortable granting local command execution and possible browser-page access for this extraction workflow. Prefer using it with explicit article URLs and output paths, avoid sensitive browser sessions, and review generated filenames/commands before execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 82%
Finding
The skill writes extracted article content to local Markdown files and appears capable of file access, but it does not declare those permissions explicitly. Hidden or undeclared file-write behavior weakens user consent and platform policy enforcement, especially because the skill defaults to saving under /tmp and may later copy elsewhere on user request.

Context-Inappropriate Capability

Severity: Medium
Confidence: 90%
Finding
The manifest requests powerful local execution capability (`exec`) and a system dependency on `curl` even though the visible skill purpose is fetching and converting a WeChat article to Markdown. Because the skill already declares `web_fetch` and `web_search`, adding command execution expands the attack surface substantially and could enable arbitrary shell commands, SSRF-style network access, or unsafe processing if later prompts or implementation use untrusted URLs or content.

Missing User Warnings

Severity: Low
Confidence: 74%
Finding
The skill instructs saving content to disk with a default location but does not clearly warn the user that local files will be created automatically. Even though the write is part of the intended workflow, silent local persistence can surprise users and may expose sensitive reading material or overwrite expected files if naming is not constrained.

Unrestricted Tool Access

Severity: Medium
Category: Excessive Agency
Content
No persistent configuration required. The skill uses standard OpenClaw tools (`web_fetch`, `web_search`, `exec`) and optionally `browser` for the Chrome Relay fallback.

**Required tools:**

| Tool | Purpose |
|------|---------|
Confidence: 84%
Finding
tools:*

Unrestricted Tool Access

Severity: Medium
Category: Excessive Agency
Content
| `web_search` | Mirror site discovery |
| `exec` | Run curl and Python extraction script |

**Optional tools:**

| Tool | Purpose |
|------|---------|
Confidence: 80%
Finding
tools:*

VirusTotal

60/60 vendors flagged this skill as clean.
