ClawHub

WeChat Read CN

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for reading WeChat chats, but it needs Review because it captures private conversations and leaves sensitive local artifacts behind.

Install only if you are comfortable granting Screen Recording and Accessibility access and having an agent read the selected WeChat conversation. Use it only for chats you are authorized to access, keep page counts low, verify the target contact or group before capture, and delete /tmp/wechat_read_* files plus /tmp/wechat_read_clip.txt after use; assume the clipboard may be overwritten during execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
This skill automates screenshot capture and OCR of WeChat chat history, which is inherently privacy-sensitive because it may expose personal messages, contact names, timestamps, and unrelated on-screen content. The description and operating guidance explain the mechanics in detail but do not prominently warn the user that private communications will be captured and processed, increasing the risk of uninformed consent and accidental over-collection.

Missing User Warnings

High
Confidence
96% confidence
Finding
The script captures private WeChat conversation screenshots and stores them in predictable /tmp paths without any consent prompt, access controls, or cleanup guarantees. On multi-user systems or where other local processes can read temporary files, this can expose sensitive chat history and metadata beyond the user's intent.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script writes the contact identifier to both a world-discoverable temp file path and the system clipboard, which can leak sensitive names, group titles, or search targets to other apps, clipboard managers, or local observers. Clipboard modification also has side effects for the user and is done without notice or restoration of prior clipboard contents.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill captures sensitive chat content and writes screenshots to predictable files under /tmp, a shared temporary location that may expose private conversation data to other local processes or later users of the system. In this skill context, the data being handled is inherently sensitive, so weak storage hygiene increases privacy and confidentiality risk.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script captures private WeChat conversation screenshots and writes them to predictable paths under /tmp without any explicit user-facing notice, confirmation, or tighter file protections. On multi-user systems or systems with other local processes monitoring temporary files, this can expose sensitive chat content beyond the user's intended scope.

Missing User Warnings

Low
Confidence
89% confidence
Finding
The clip_write function places the contact name into the system clipboard, which can overwrite existing clipboard contents and make the searched contact visible to other applications, clipboard history tools, or remote sync features. While the data copied is limited, it still creates an unnecessary privacy leak without disclosure or restoration of prior clipboard contents.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The fallback and pagination flows explicitly instruct an agent to analyze screenshots that may contain chat content, but the script does not clearly disclose to the user that private messages could be exposed to another processing component. This is a privacy and data-handling risk because highly sensitive conversation content may be shared outside the local UI interaction boundary.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal