Wechat Articles Skill

Security checks across malware telemetry and agentic risk

Overview

This skill fetches user-provided WeChat articles and saves Markdown files, with no evidence of hidden credential access, exfiltration, destructive behavior, or persistence beyond the requested output files.

Use this only with WeChat article links you intend to fetch, choose the output directory deliberately, and install the Python dependencies from trusted sources. Be aware that generated Markdown may still reference remote image URLs rather than fully downloading images locally.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill states that it saves Markdown files and downloads images, but it does not clearly warn the user that local filesystem changes will occur or where data will be stored by default. That can lead to silent persistence of fetched content and media, surprise disk usage, or writing sensitive content into unintended locations.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill performs outbound network access to fetch article pages and image assets, but it does not disclose that external requests will be made to WeChat-hosted endpoints. This matters because submitted URLs and subsequent image fetches may expose user activity, IP information, or sensitive link parameters to third parties without clear user awareness.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal