Back to skill

Security audit

Wechat

Security checks across malware telemetry and agentic risk

Overview

This skill is a read-only guide for summarizing public WeChat pages and does not include code, account access, persistence, or hidden installation behavior.

Use this only for public WeChat share links or public pages. Avoid using it for private chats, login-required pages, account actions, messaging, or sensitive links unless you separately trust the agent and browsing tools involved.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The description says the skill should be called when access or automation is needed for 'WeChat-related content,' which is broad enough to match ambiguous requests and over-trigger the skill. In an agent setting, that can route users into WeChat-oriented web automation unnecessarily, increasing the chance of unintended browsing, scraping, or interaction with sensitive third-party content despite later text limiting the skill to public pages.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.