Back to skill

Security audit

WeChat Send

Security checks across malware telemetry and agentic risk

Overview

This skill sends WeChat messages as advertised, but it needs review because crafted contact or message text could alter the AppleScript automation and it sends real messages without a confirmation step.

Install only if you are comfortable granting desktop automation control to send messages from your real WeChat account. Use exact recipient names, avoid untrusted or complex contact/message text, and prefer a revised version that safely escapes AppleScript input, confirms recipient and content before sending, and preserves the clipboard.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The script overwrites the global system clipboard with the message content as an implementation detail, but this side effect is not disclosed in the skill description and can destroy user clipboard contents or expose sensitive copied data during automation. In this context, the skill is meant only to send a WeChat message; silently modifying a shared OS resource exceeds that narrow user expectation and creates avoidable privacy and usability risk.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The script injects low-level global mouse events through CoreGraphics to click screen coordinates derived from the WeChat window, which is broader and more dangerous than app-scoped automation. Global event injection can misfire if window geometry changes or focus is stolen, causing unintended clicks in other applications and enabling actions outside the stated purpose of sending a message.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill performs an external, real-world action by sending a message to an actual WeChat contact, and the action may be irreversible once delivered. The documentation warns about wrong-recipient risk in limitations, but it does not clearly foreground that execution causes outbound communication to third parties, which increases the chance of accidental misuse or privacy-impacting mistakes.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script performs two user-impacting actions—overwriting the clipboard and sending a message—without an explicit warning, dry-run mode, or confirmation step. Because sending a WeChat message is an externally visible action and clipboard modification affects the whole desktop session, the lack of notice and confirmation increases the risk of accidental data leakage, mis-sends, and user surprise.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.