WeChat Cover

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a normal image-generation helper, with expected external API use and file output clearly tied to its WeChat cover purpose.

Install only if you are comfortable sending article titles/topics to the configured image provider. Prefer official OpenAI or Gemini endpoints unless you trust the proxy, keep API keys in private environment variables or local config, and avoid using confidential unpublished content in prompts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding:
The skill clearly uses sensitive capabilities—network access, environment/config secret reading, and file output—yet declares no permissions or equivalent warnings. This weakens user consent and reviewability, making it easier for the skill to access API keys, send prompts to third-party services, and write files without explicit disclosure.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 89%
Finding:
The documented behavior understates the actual trust boundary: the skill can send data to arbitrary OpenAI-compatible proxy endpoints and use alternate generation paths beyond the named providers. That mismatch can cause users to unknowingly route titles, topics, and credentials to untrusted third parties, and the Gemini output-path inconsistency also means the claimed safety/format guarantees are not reliably enforced.

Missing User Warnings

Medium
Confidence: 95%
Finding:
The documentation describes API-backed image generation but does not clearly tell users that article titles, topics, and possibly other prompt content will be transmitted to external OpenAI, Gemini, or proxy services. This is a privacy and compliance risk, especially if titles or topics contain confidential, unpublished, or regulated information.

VirusTotal

67/67 vendors flagged this skill as clean.
