wecom-doc

Security checks across malware telemetry and agentic risk

Overview

This skill performs real WeCom document and smart-table writes, but it is scoped broadly enough that ordinary document requests could be routed to WeCom and full-document overwrites may occur without a clear confirmation step.

Install only if you intend the agent to create and modify WeCom documents through your configured WeCom/MCP account. Be explicit about the target platform and workspace, verify the mcporter package before global installation, and require manual confirmation before any edit_doc_content operation because it replaces the whole document.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence: 94%
Finding
The skill is configured with broad activation language and explicitly says that unspecified requests such as '创建文档' ("create document") should default to WeCom documents. This can cause the agent to route ambiguous user intents to a tool that creates or edits enterprise documents without confirming the target platform, increasing the risk of unintended actions in the wrong system.

Vague Triggers

Medium
Confidence: 97%
Finding
The intent-handling section directly instructs the agent to interpret non-platform-specific document requests as WeCom requests without clarification. In a tool capable of creating and overwriting documents, this ambiguity can lead to unintended enterprise-side modifications or data placement in the wrong workspace.

Missing User Warnings

Medium
Confidence: 88%
Finding
The top-level skill description advertises document creation and editing but does not clearly disclose that editing may invoke a full-overwrite operation. Users or downstream agents may assume edits are incremental, which raises the likelihood of accidental destruction of existing content.

VirusTotal

64/64 vendors flagged this skill as clean.
