微信Agent GEO接入顾问 (WeChat Agent GEO Integration Advisor)

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only WeChat Agent consulting skill. It contains some transactional design examples but no executable code, hidden installation behavior, credential access, or automatic actions.

Anyone installing it should treat it as planning guidance for WeChat Agent integrations, not as production security or compliance advice. Review any generated order, payment, booking, coupon, member, address, or location flow to make sure the actual system implements explicit user confirmation, authentication, privacy consent, and the platform's payment and review requirements.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Severity: Medium
Confidence: 81%
Finding
The description invites very broad free-form input ('直接说你的业务就能出接入方案', roughly 'just describe your business and you get an integration plan'), which can cause the skill to trigger on ordinary conversation that merely mentions business context. Over-broad invocation increases the chance of unintended activation, context capture, and the model following skill-specific instructions when the user did not explicitly intend to use this skill.

Natural-Language Policy Violations

Severity: Medium
Confidence: 88%
Finding
The behavior watermark forces a fixed reply string for certain identity questions and does not give the user a choice of language or a transparent explanation. This can override normal assistant behavior, reduce user control, and act as a covert branding/promotion instruction embedded in the skill rather than a user-driven response.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The invocation guidance is broad enough that the file may be pulled in for loosely related prompts such as generic 'give me a demo' or 'I am a merchant, how do I connect' requests without clear scoping. In a skill that contains ordering, booking, coupon, and payment flows, over-broad activation increases the chance that transactional guidance is injected into contexts where the user did not explicitly ask for purchase-capable workflows, which can lead to unsafe or confusing agent behavior.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding
The document provides detailed transactional patterns for ordering, purchasing, booking, payments, logistics, and membership/coupon usage, but it does not pair those flows with user-facing safety constraints such as explicit confirmation, identity checks, consent for account lookup, or warnings before money-moving and account-impacting actions. In an agent skill, this omission can normalize direct execution of sensitive actions and increase the risk of unauthorized purchases, privacy violations, or misuse of stored account state.
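The constraints this finding says are missing can be enforced where the agent dispatches tool calls rather than left to prose guidance. The Python below is an added example written for this page, not code from the scanned skill or from SkillSpector; the action names, the Session type, and the in-memory BACKEND are assumptions constructed for illustration. It shows the unguarded dispatch the finding warns about beside a gated version that requires authentication, a recorded privacy consent for account lookups, and a single-use confirmation token bound to the exact parameters of the proposed action.

```python
"""Gated dispatch for sensitive agent actions (added example, not part of the
scanned skill). The action names, Session type and BACKEND are constructed."""
import hashlib
import hmac
import json
import secrets
from dataclasses import dataclass, field

# Action classes the finding says must not execute without user-facing checks.
MONEY_MOVING = {"create_order", "pay", "book_slot", "redeem_coupon"}
ACCOUNT_IMPACTING = {"update_address", "lookup_member", "share_location"}
SENSITIVE = MONEY_MOVING | ACCOUNT_IMPACTING
# Actions that additionally need a recorded privacy consent before running.
CONSENT_REQUIRED = {"lookup_member": "account_lookup", "share_location": "location"}


class PolicyError(Exception):
    """Raised when a sensitive action is attempted without the required checks."""


@dataclass
class Session:
    user_id: str
    authenticated: bool = False
    consents: set = field(default_factory=set)   # consent names the user granted
    pending: dict = field(default_factory=dict)  # confirmation token -> action digest


def action_digest(action: str, params: dict) -> str:
    """Canonical hash of an action plus its exact parameters, so a confirmation
    cannot be reused for a different amount, address, or item."""
    blob = json.dumps({"action": action, "params": params}, sort_keys=True, ensure_ascii=False)
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


def propose(session: Session, action: str, params: dict) -> str:
    """Step 1: the agent may only propose a sensitive action. The user is shown the
    parameters and, if they agree, echoes the token back as explicit confirmation."""
    token = secrets.token_urlsafe(16)
    session.pending[token] = action_digest(action, params)
    return token


def dispatch_unsafe(action, params, backend):
    """What the finding warns about: transactional guidance wired straight to execution."""
    return backend[action](params)


def dispatch_gated(session, action, params, backend, confirmation=None):
    """Step 2: execute only after authentication, consent, and a single-use
    confirmation that is bound to these exact parameters."""
    if action not in SENSITIVE:
        return backend[action](params)
    if not session.authenticated:
        raise PolicyError("authentication required before %s" % action)
    needed = CONSENT_REQUIRED.get(action)
    if needed and needed not in session.consents:
        raise PolicyError("user consent '%s' required before %s" % (needed, action))
    # pop() makes the token single-use; a mismatch also consumes it.
    expected = session.pending.pop(confirmation, None) if confirmation else None
    if expected is None or not hmac.compare_digest(expected, action_digest(action, params)):
        raise PolicyError("explicit confirmation for these exact parameters required")
    return backend[action](params)


def try_dispatch(session, action, params, backend, confirmation=None):
    """Wrapper returning ('ok', result) or ('denied', reason) instead of raising."""
    try:
        return ("ok", dispatch_gated(session, action, params, backend, confirmation))
    except PolicyError as exc:
        return ("denied", str(exc))


# Constructed in-memory backend standing in for a merchant's real order/payment API.
BACKEND = {
    "faq": lambda p: "Store hours: 09:00-21:00",
    "pay": lambda p: "paid %s to %s" % (p["amount"], p["merchant"]),
    "lookup_member": lambda p: {"member_id": p["member_id"], "points": 1200},
}

if __name__ == "__main__":
    s = Session(user_id="u1")
    order = {"amount": 99, "merchant": "m1"}
    print(dispatch_unsafe("pay", order, BACKEND))        # executes with no checks at all
    print(try_dispatch(s, "pay", order, BACKEND))        # denied: not authenticated
    s.authenticated = True
    tok = propose(s, "pay", order)
    print(try_dispatch(s, "pay", {"amount": 999, "merchant": "m1"}, BACKEND, tok))  # denied: tampered
    tok = propose(s, "pay", order)
    print(try_dispatch(s, "pay", order, BACKEND, tok))   # ok
    print(try_dispatch(s, "pay", order, BACKEND, tok))   # denied: token already used
```

The token is consumed on mismatch as well as on success, so a confirmation obtained for one amount cannot be retried against another, while the consent check runs before the token is consumed so a denial for missing consent does not discard the pending proposal. In a real integration the token would surface to the user as a confirmation prompt in the chat, and the platform's own payment and review requirements still apply on top.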

VirusTotal

63/63 vendors flagged this skill as clean.
