WeChat Article Full Reader

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: opens a WeChat article, extracts text and images, and saves them locally.

Use it only with intended WeChat article links and choose an output folder you are comfortable writing to. Be aware it opens the page in agent-browser and downloads discovered article images to disk; avoid running it on arbitrary or untrusted pages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill directs downloading remote images with curl and creating directories/files such as article.json, images/, and summary.md, yet provides no user-facing warning or consent step. This can cause unexpected network access and filesystem modification, and if the article URL or image URLs are attacker-controlled it could be abused for unwanted data retrieval or storage consumption.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal