ClawHub

md2wechat

Security checks across malware telemetry and agentic risk

Overview

This WeChat publishing skill is mostly transparent, but it includes under-scoped features for disguising AI-written content and mimicking creator styles while using account credentials.

Install only if you trust the md2wechat CLI source and are comfortable granting it WeChat Official Account credentials. Use inspect, preview, dry-run, and explicit approval before upload or post creation; review provider/base URL settings before processing private drafts; avoid using the humanize or creator-style features to mislead readers, hide required AI disclosure, impersonate creators, or copy identifiable styles without authorization.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Natural-Language Policy Violations

Medium
Confidence
91% confidence
Finding
The skill explicitly markets 'remove AI writing traces,' which frames the tool as helping users disguise AI-generated content. In context, this is not a memory/session issue but a deceptive-content capability that can enable policy evasion, misrepresentation, or bypass of provenance expectations for published material.

Natural-Language Policy Violations

Low
Confidence
83% confidence
Finding
The phrase 'write in creator styles' suggests imitation of identifiable authors or brands without any limiting language around consent, parody, or generic style transfer. In a content-generation/publishing skill, this increases the risk of unauthorized impersonation, plagiarism-adjacent outputs, or misleading attribution.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal