WeChat Writing Workflow

Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a coherent WeChat publishing workflow, but it needs review because it can affect live public posts and credentials without enough safety guidance.

Install only after reviewing the referenced publisher tools separately. Treat WECHAT_APP_SECRET as sensitive, avoid exposing it in prompts/logs/shell history, and rotate it if exposed. Use draft/preview-only defaults and require explicit manual approval before any schedule, publish, or group-send action. Do not use the rewrite guidance to disguise copied work; use original writing, limited quotation, attribution, and licensed sources.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence: 93%
Finding
The skill explicitly documents a '内容改写/洗稿' (content rewriting / "article laundering") workflow and includes steps such as 'AI 去痕迹' (removing AI traces) and '降重处理' (reducing the similarity score), which are commonly associated with deceptive paraphrasing to evade originality checks. Even though a later section says to avoid plagiarism, the operational guidance still normalizes and enables misuse, so the contradiction is insufficient to mitigate the risk.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill instructs users to export WECHAT_APP_ID and WECHAT_APP_SECRET but provides no warning about treating these as secrets, avoiding hardcoding, preventing logging, or using secure secret storage. This can lead to credential leakage through shell history, screenshots, shared terminals, repositories, or agent logs, which could enable unauthorized access to the connected WeChat account.

Missing User Warnings

Medium
Confidence: 84%
Finding
The workflow includes live-impacting actions such as immediate publish, scheduling, and mass-send without prominent safety warnings, confirmation steps, or sandbox/draft-first requirements. In an automated agent context, this increases the chance of accidental publication of incorrect, unreviewed, or unauthorized content to real users.

Vague Triggers

Medium
Confidence: 85%
Finding
The trigger list includes broad content-creation terms such as "内容创作" (content creation) that could match ordinary user requests unrelated to this specific workflow. Over-broad activation can cause the skill to run in unintended contexts, increasing the chance of surprising actions or of routing users into a publishing workflow they did not explicitly request.

Missing User Warnings

Medium
Confidence: 90%
Finding
The manifest advertises automatic publishing and push behavior but does not warn that the skill may create drafts or affect external publishing state. In a skill that integrates publishing tools, omission of explicit user-consent language increases the risk of accidental content publication or mass messaging.

Missing User Warnings

Medium
Confidence: 94%
Finding
The workflow explicitly includes draft creation, preview checks, scheduled publishing, and broadcast sending without any stated confirmation gate or safety notice. Because these are external side-effect actions on a live WeChat publishing channel, unintended activation could directly publish content or send messages to an audience.

Ssd 2

Medium
Confidence: 95%
Finding
The section gives paraphrasing guidance aimed at obscuring derivation from source material, including 'AI 去痕迹' (removing AI traces) and '降重处理' (reducing the similarity score), which can facilitate deceptive rewriting and circumvention of originality detection. In a content-production workflow this is especially risky because it operationalizes misuse at scale and could expose users to plagiarism, copyright, platform-policy, and reputational harms.

VirusTotal

66/66 vendors flagged this skill as clean.