ClawHub

wechat-article

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches a user-provided WeChat article and converts it to Markdown, but users should know the default method sends the article URL to r.jina.ai.

Use this skill only with public or non-sensitive WeChat article links unless you are comfortable sending the URL to r.jina.ai. Be aware that Python requests may need to be installed separately. Avoid confidential, access-controlled, tokenized, or internal URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill documentation describes network-based fetching and recommends external retrieval methods, yet the metadata declares no permissions. This creates a transparency and policy gap: users and hosting systems may not realize the skill performs outbound requests, which can undermine review, consent, and sandboxing decisions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill recommends using r.jina.ai, a third-party extraction service, without clearly warning that article URLs and potentially article content will be sent to an external provider. This can expose sensitive browsing targets, private/internal links, or licensed content to a third party, especially if users assume processing is local.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The code sends the user-provided WeChat article URL to the third-party service r.jina.ai as its primary extraction method, but gives no explicit notice or consent step before external transmission. This can leak sensitive URLs, embedded tracking parameters, or private/internal article links to an external processor, creating a real privacy and data-handling risk even if the feature is intended to improve reliability.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal