微信公众号媒体下载器 WeChat Media Downloader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises, but it needs careful review because it attaches to a verified Chrome session and saves page data locally.

Install only if you are authorized to save the target WeChat media and are comfortable letting the skill attach to a Chrome session. Use a fresh temporary Chrome profile, keep the debugging port local, close Chrome when finished, and delete intermediate HTML/text/JSON files if they may contain sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 92%
Finding:
The skill clearly performs network access, reads/writes local files, and instructs use of external scripts, yet it declares no permissions or capability boundaries. That omission reduces transparency and prevents operators from understanding that the workflow accesses a live browser debugging endpoint and saves page/media artifacts locally, which can expose authenticated content or local data if misused.

Tp4

Severity: High
Category: MCP Tool Poisoning
Confidence: 89%
Finding:
The documented purpose understates several sensitive behaviors: saving full HTML locally, depending on an exposed remote-debugging browser session, and implementing narrower or hardcoded download logic than described. Description/behavior mismatch is dangerous because it impairs informed consent and can hide collection of extra authenticated content beyond what a user expects from a simple media downloader.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The description states the skill will switch to a visible Chrome session, perform human verification, connect through Chrome remote debugging, and automatically download media, but it does not clearly warn users about the security and privacy implications of attaching to a real browser session and writing files locally. Remote debugging can expose active tabs, cookies, page content, and authenticated state; without explicit disclosure, users may grant broader access than they realize.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding:
The script writes full page HTML, extracted body text, and captured media URLs to disk without any consent prompt, minimization, or redaction. In the context of a tool that attaches to a live browser session, this can persist sensitive article content, tokens embedded in page markup, or unrelated user data from the selected page, creating avoidable privacy and data-handling risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The script connects to a local Chrome DevTools Protocol endpoint and passively monitors requests and responses from an existing browser context, which can expose network activity and page data far beyond the intended article. Because it reuses an already-open browser/profile and searches available pages, it may capture sensitive browsing information if the wrong tab or context is selected, making this a meaningful surveillance and privacy risk even though the apparent goal is media extraction.

Ssd 4

Severity: Medium
Confidence: 95%
Finding:
The workflow explicitly guides the operator from ordinary access into attaching to a human-authenticated Chrome session after anti-bot or verification gates appear, then harvesting media URLs from that trusted state. This is dangerous because it operationalizes bypass of platform access controls and uses a live debugging interface to extract authenticated resources that direct scraping could not obtain.

Ssd 1

Severity: Medium
Confidence: 96%
Finding:
The skill frames its behavior as helpful media downloading, but the core method is to leverage a user-verified browser state and CDP connection to obtain 'real' media addresses specifically when anti-bot checks interfere. That context makes it more dangerous because the technique can be repurposed to extract authenticated content, session-derived requests, or other protected resources from a browser the user has already unlocked.

VirusTotal

63/63 vendors flagged this skill as clean.
