ClawHub

WeChat Social Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is a WeChat automation prototype that asks for sensitive account secrets and describes public posting/account-management actions without enough safeguards or secret-handling guidance.

Install only if you are comfortable treating this as an unfinished prototype. Do not put real AppSecret values in TOOLS.md or other shared markdown files; use a secure secret mechanism, keep permissions minimal, and require explicit review before any post, scheduled push, auto-reply, or follower-management action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The README instructs users to place a WeChat AppSecret directly into TOOLS.md, which encourages storing sensitive credentials in a likely plaintext documentation/config file without any secrecy controls. This increases the risk of accidental disclosure through source control, logs, screenshots, or sharing of the skill workspace, potentially allowing takeover or abuse of the connected public account.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger list includes very common terms such as '微信', '发布', and '推送', which can cause the skill to activate in unrelated conversations. Because this skill is intended to automate publishing and social account actions, overbroad activation increases the chance of accidental invocation for sensitive or high-impact operations.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill asks for sensitive credentials including AppID and AppSecret and describes automated publishing capabilities, but it provides no warnings about secure secret handling, permission scope, confirmation before posting, or the risks of automated account actions. In this context, missing safeguards can lead to credential exposure, unauthorized posting, account misuse, and reputational or business harm.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal