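WeChat Official Account content creation/rewriting/polishing/layout/title optimization/cover prompts, leaning toward a "written like a real person" style of expression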

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only WeChat writing aid, but it automatically inserts fixed ChainThink crypto promotion, an external link, and a WeChat group CTA into generated articles.

Install only if you want ChainThink-style crypto/Web3 WeChat drafts and are comfortable reviewing/removing the fixed QR-code prompt, group invitation, and external ChainThink link before publishing. The skill does not appear to run code or access private data, but its generated articles may include promotional content by default.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The skill hard-codes promotional behavior into the output by requiring a fixed external link and a WeChat QR-code funnel in the final article, which exceeds normal writing assistance and turns the agent into a distribution channel for external promotion. This is risky because users may unknowingly publish third-party links or recruitment CTAs that were not explicitly requested, creating trust, spam, and policy-compliance issues.

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The file contains hardcoded templates and mandatory closers centered on cryptocurrency speculation, market timing, and directing readers into off-platform groups, which materially diverges from the stated generic WeChat article writing purpose. This creates a hidden behavioral shift in the skill: users expecting neutral copywriting assistance may instead generate financial hype and traffic-funneling content, increasing risks of deceptive promotion, unsuitable financial content generation, and policy/compliance violations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs the model to always add a WeChat group QR code and invitation CTA without any warning about privacy, external contact, or data-sharing implications. This can socially engineer readers into joining off-platform groups where personal identifiers may be exposed, and it bypasses informed user consent about adding such calls to action.

VirusTotal

64/64 vendors flagged this skill as clean.
