
Security audit

Wechat Article Auto Gen

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent WeChat article-generation workflow, but it exposes a hardcoded image-provider API key and sends scraped article content to external AI services with limited user-facing safeguards.

Review before installing. Do not use the embedded API key; treat it as exposed and replace it with your own scoped credential. Only scrape or rewrite articles you have rights to process, avoid confidential material, and confirm source URLs and provider calls before sending content to external AI or image services.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 91%
Finding
The rewrite function sends the full scraped article content to an external LLM API, which creates a real data-transmission risk that is not obvious from the high-level description. If scraped content contains copyrighted, sensitive, or user-supplied material, the skill may disclose it to a third party without consent, minimization, or retention controls.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding
The skill describes scraping articles, calling external AI/image APIs, and generating files, but does not warn users about privacy, copyright, or outbound data-sharing implications. In this workflow, users may unknowingly process third-party content and transmit it to vendors, increasing legal and confidentiality exposure.

Ssd 3

Severity: Medium
Confidence: 92%
Finding
The instructions tell the model to ingest the full original article and preserve its core information, which materially increases the chance of reproducing copyrighted, sensitive, or harmful source material. Without clear minimization boundaries, the system can become a conduit for third-party content propagation and data leakage.

VirusTotal

53/53 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.