Wechat Compliance Check

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat article compliance helper that scans and optionally rewrites user-selected text files, with no hidden code, network use, or credential handling found.

Install this only if you want Chinese-language WeChat article compliance review. Use report-only mode for drafts you do not want changed, and use --fix only on files you are comfortable modifying after reviewing the replacement suggestions and backup behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The trigger phrases include very common terms such as '违规', '敏感词', '审核', and '公众号合规', which can appear in many unrelated conversations. This can cause the skill to activate outside its intended scope, leading to unintended processing or rewriting of user content in contexts where the user did not actually request a WeChat compliance check.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The skill describes automatically modifying local files and creating backups when '--fix' is used, but it does not explicitly require clear user confirmation or warn about file mutation before execution. In an agent setting, that raises the risk of unintended destructive or privacy-sensitive edits to local content, especially if the skill is invoked from a broad publishing or review request.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal