ClawHub

WeChat Article Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill is a simple WeChat article fetcher, but it forwards article links to a third-party conversion service.

Install only if you are comfortable with WeChat article links being sent to down.mptext.top for conversion. Avoid using it for private, access-controlled, tokenized, or sensitive article URLs, and prefer asking for confirmation before fetching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs the agent to send user-supplied WeChat article URLs to an external third-party service (`down.mptext.top`) without any disclosure, consent, or privacy warning. Even if the URL is 'just a link,' it may contain private, unlisted, tokenized, or user-specific content, and forwarding it to a third party creates unnecessary data-sharing and tracking risk.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal