Weixin Connect

Security checks across malware telemetry and agentic risk

Overview

This skill appears to connect a personal WeChat account, but it requires uploading a login QR image to an unspecified CDN and persists account tokens with limited user control.

Review before installing. Use this only if you trust the npm installer and are comfortable with a short-lived WeChat login QR image being uploaded to an unspecified CDN and a persistent bot token being saved under your home directory. Prefer a local-only QR display path and ask for clear consent, cleanup, and revocation instructions before using it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium, 85% confidence
Finding
The skill directs the agent to execute shell commands and install a package with `npx -y` from the network. Even if framed as plugin setup, this expands the trust boundary from a simple account-connection flow to arbitrary code execution from external sources, which can change the local environment and introduces supply-chain risk.

Context-Inappropriate Capability

High, 98% confidence
Finding
The skill explicitly uploads the login QR code to an external CDN and prefers that path over local display. A login QR code is effectively an authentication artifact; sending it to a third party creates unnecessary disclosure of a sensitive login token and could allow interception, replay, logging, or unauthorized access depending on downstream controls.

Missing User Warnings

Medium, 94% confidence
Finding
The skill writes persistent credential files containing bot tokens into the user's home directory and restarts the gateway, but provides no explicit warning or consent step for storing secrets or modifying runtime state. This is risky because it silently changes local configuration, persists authentication material, and may expose tokens to other local processes, backups, or users if the environment is not properly secured.

VirusTotal

VirusTotal findings are pending for this skill version.
