wecom-user-manager

Security checks across malware telemetry and agentic risk

Overview

This WeCom user-management skill matches its stated purpose, but it can change account access and relies on missing external helper code that prevents full review.

Review before installing. Use this only in a controlled WeCom environment, inspect or supply the missing helper modules, limit wecom_mcp access, verify role and store or region enforcement, protect users.json, require auditable admin approval for account and role changes, and remove real test user details from public documentation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Severity: Medium
Confidence: 81%
Finding:
The release notes document automatic account activation and automatic retrieval of a user's real name, but do not mention notice, consent, or safeguards around this account-state change and personal data processing. In an enterprise messaging context, silently activating accounts and exposing identity data can lead to privacy issues, unauthorized onboarding, or users being surprised by privilege changes.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The usage example shows the bot announcing that the account has been activated and displaying the user's name and role, yet the documentation provides no warning about privacy implications or account-state changes. This is risky because examples normalize behavior that may disclose personal information in chat and perform state-changing actions without clear consent or contextual warnings.

Vague Triggers

Severity: Medium
Confidence: 90%
Finding:
The documented activation flow allows any first message from a user in a pending state to activate the account, with no mention of an out-of-band verification step, signed invite token, or administrator-approved proof of possession beyond the message source. In an enterprise chat context, this can lead to unintended activation or account-binding mistakes if a pending account is created for the wrong UserID, if identifiers are reused, or if the assumptions about message origin or the chat integration are weaker than expected.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding:
The documentation exposes privileged user-provisioning and activation operations that directly affect access control, but it does not prominently warn that these actions grant permissions and must be restricted to authorized administrators. In an agent-skill context, clear safety guidance is important because operators or downstream agents may invoke the examples as-is, increasing the risk of improper account creation or privilege assignment.

VirusTotal

64/64 vendors flagged this skill as clean.