Rss To Wechat

Security checks across malware telemetry and agentic risk

Overview

The skill appears purpose-built for RSS-to-WeChat publishing, but it needs review because it can fetch arbitrary URLs and use WeChat publishing credentials with limited guardrails.

Review before installing. Use only public article URLs, avoid internal or private links, keep WeChat secrets out of shared or committed files, restrict file permissions on any local config, and require manual review before any draft upload to WeChat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

High
Confidence: 98%
Finding
The script explicitly documents that it uses curl to bypass SSRF protections, which is a strong indicator of intentional security-control circumvention. Because the URL is fully user-controlled, this can be used to access internal-only services, cloud metadata endpoints, or other restricted network resources through the host running the skill.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger list contains broad natural-language phrases such as "WeChat format" and "get article from RSS" that can overlap with ordinary user requests. In an agent ecosystem with automatic skill loading, this can cause unintended activation, leading the assistant to fetch remote content or initiate publishing-related workflows without the user clearly intending to invoke this skill.

Missing User Warnings

Medium
Confidence: 83%
Finding
The README advertises optional automated publishing and API upload behavior but does not clearly warn users that article content and configured credentials will be used to transmit data to external WeChat services. In a skill marketplace context, missing disclosure can mislead users about when content leaves the local environment and increases the risk of accidental sensitive-data exposure.

Missing User Warnings

Medium
Confidence: 88%
Finding
The documented automatic workflow states that the assistant will load the skill, parse content, generate HTML, create a cover, and upload to the draft box, but it does not include a user-facing warning or explicit consent checkpoint before external transmission. In an AI-assisted workflow, automation plus absent disclosure increases the chance of unintended uploads of copyrighted, private, or otherwise sensitive content.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README instructs users to place sensitive WeChat AppID and AppSecret values into a local shell config file without an accompanying warning about secret handling, storage, or exclusion from version control. In an agent-skill context, this increases the chance that credentials are stored insecurely, accidentally committed, or exposed through logs and automation workflows.

Missing User Warnings

Medium
Confidence: 84%
Finding
The skill states that article content may be published to WeChat via API using account credentials, but it does not prominently warn that content, metadata, and authentication material may be sent to external services. This can lead users to unintentionally transmit sensitive or proprietary content off-host or to a third party without informed consent.

Missing User Warnings

Medium
Confidence: 95%
Finding
The setup instructions ask users to place `WECHAT_APPID` and `WECHAT_APPSECRET` into a local config file but do not clearly label them as secrets or instruct users on secure handling. This increases the chance of credential leakage through accidental file sharing, weak filesystem permissions, shell history, backups, or misuse in logs and version control.

Missing User Warnings

Medium
Confidence: 88%
Finding
The guide documents automatic upload/publication to WeChat but does not explicitly warn that article content, metadata, and account-associated information will be transmitted to an external platform. In a skill meant to automate publishing, this omission can mislead users about privacy and data-handling consequences, especially if they process sensitive or unpublished material.

Missing User Warnings

Medium
Confidence: 93%
Finding
The guide instructs users to place WeChat AppID and AppSecret in a local configuration file without an explicit secret-handling warning. Even though it notes local config is not committed to git, that does not address risks like permissive file permissions, shell history, backups, screenshots, shared machines, or accidental reuse in insecure scripts.

Missing User Warnings

Medium
Confidence: 93%
Finding
The script fetches arbitrary user-supplied URLs over the network without meaningful restriction or warning, which creates SSRF and unexpected data egress risk in an agent environment. In this skill context, the danger is elevated because the tool is specifically designed to retrieve remote content and may run with network access not visible to the end user.

VirusTotal

63/63 vendors flagged this skill as clean.
