ClawHub

微信定时推送

Security checks across malware telemetry and agentic risk

Overview

This documentation-only skill sets up scheduled WeChat reminders as advertised, but users should handle routing identifiers carefully and verify recipients before recurring pushes.

Install only if you want OpenClaw to create scheduled WeChat pushes. Treat sessionKey, userId, and WeChat account JSON contents as sensitive, avoid sharing them in logs or screenshots, confirm the intended recipient before creating a task, and delete recurring cron jobs when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly documents proactive scheduled delivery of messages to a specific user's WeChat session, but does not mention user consent, authorization boundaries, retention, or misuse risks. In a messaging/integration skill, this omission matters because the feature enables contacting identified users outside an active conversation, which can facilitate spam, privacy violations, or unauthorized monitoring if operators misuse session routing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions tell operators how to enumerate sessions and derive user-specific session keys from local account metadata, but do not warn that these identifiers are sensitive routing secrets tied to individual users. Exposing where to retrieve and how to construct them lowers the barrier to targeting specific users and increases the risk of unauthorized message delivery, account metadata leakage, or abuse by anyone with local access.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill description contains broad trigger phrases such as reminders, daily pushes, scheduled notifications, and proactive WeChat messaging, which are common in ordinary conversation. This increases the chance the agent invokes the skill unintentionally and creates or modifies outbound cron tasks without the user fully realizing an external message will later be sent. In this context, the risk is higher because the skill performs delayed, proactive delivery to a messaging channel tied to a specific user session.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill enables automatic outbound messaging to WeChat and routes delivery using a sessionKey that identifies a specific user, but the description does not prominently warn that this creates proactive external communications. Without a clear warning and confirmation requirement, users may not understand that the agent can send future messages automatically to a chosen recipient, creating privacy, spam, and misdelivery risks if the wrong sessionKey is used. The surrounding content makes this more dangerous because it explicitly teaches how to discover session keys from local files and session listings, which lowers the barrier to targeting a specific account.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal