WeChat Creation (微信创作)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a WeChat draft-publishing helper with expected credentialed API use, but users should treat it as an account-connected publishing tool rather than a purely local formatter.

Install only if you intend to let the skill use your WeChat Official Account credentials to create drafts and, if enabled, use an AI image-generation API key. Keep credentials in environment variables, use a trusted HTTPS AI endpoint, review drafts before publication, and prefer pinned patched dependency versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Tainted flow: 'url' from os.getenv (line 113, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
        "response_format": "b64_json"
    }

    response = requests.post(url, headers=headers, json=payload, timeout=120)
    response.raise_for_status()

    data = response.json()
Confidence
94% confidence
Finding
response = requests.post(url, headers=headers, json=payload, timeout=120)

Tainted flow: 'url' from os.getenv (line 113, credential/environment) → requests.post (network output)

Critical
Category
Data Flow
Content
        "response_format": "url"
    }

    response = requests.post(url, headers=headers, json=payload, timeout=120)
    response.raise_for_status()

    data = response.json()
Confidence
95% confidence
Finding
response = requests.post(url, headers=headers, json=payload, timeout=120)

Tainted flow: 'image_url' from requests.post (line 130, network input) → requests.get (network output)

Medium
Category
Data Flow
Content
    data = response.json()
    image_url = data["data"][0]["url"]

    image_response = requests.get(image_url, timeout=60)
    image_response.raise_for_status()

    os.makedirs(os.path.dirname(output_path) if os.path.dirname(output_path) else ".", exist_ok=True)
Confidence
91% confidence
Finding
image_response = requests.get(image_url, timeout=60)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly automates publishing content to a WeChat public account draft box using configured AppID and Secret, but the documentation does not clearly warn users that running it will perform authenticated actions against their account. This can lead to unintended external actions, misuse of privileged credentials, and surprise publication-side effects, especially when users treat the skill as a local formatting tool rather than an account-integrated publisher.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
markdown2>=2.4.0
Pillow>=9.0.0
Confidence
97% confidence
Finding
requests>=2.28.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
markdown2>=2.4.0
Pillow>=9.0.0
Confidence
97% confidence
Finding
markdown2>=2.4.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.28.0
markdown2>=2.4.0
Pillow>=9.0.0
Confidence
98% confidence
Finding
Pillow>=9.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

Known Vulnerable Dependency: markdown2 — 8 advisory(ies): CVE-2009-3724 (Cross-site scripting in markdown2 for python); CVE-2020-11888 (XSS in python-markdown2); CVE-2021-26813 (markdown2 Regular Expression Denial of Service) +5 more

High
Category
Supply Chain
Confidence
93% confidence
Finding
markdown2

Known Vulnerable Dependency: Pillow — 10 advisory(ies): CVE-2016-2533 (Pillow buffer overflow in ImagingPcdDecode); CVE-2023-50447 (Arbitrary Code Execution in Pillow); CVE-2021-27922 (Pillow Uncontrolled Resource Consumption) +7 more

Critical
Category
Supply Chain
Confidence
95% confidence
Finding
Pillow

VirusTotal

66/66 vendors flagged this skill as clean.
