Security audit

WeChat Official Account Image Post Publisher (微信公众号贴图发布器)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: it uses WeChat credentials to upload chosen images and text to WeChat and create draft posts, with no hidden publishing or destructive behavior found.

Install only if you intend to let this skill use WeChat Official Account credentials and upload the selected images and caption text to WeChat. Prefer environment variables or a secure secret manager over a local wechat.env file, keep credential files out of version control, and review or delete outputs/ JSON records before sharing the skill directory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 95%
Finding:
The skill clearly requires access to environment variables, local files, network APIs, and writes output artifacts, yet no explicit permission declaration is present in the metadata. This creates a transparency and governance gap: users or orchestrators may invoke a networked, credential-using skill without clear capability disclosure, increasing the chance of unintended secret access, local file exposure, or unsafe execution in less-trusted contexts.

Missing User Warnings

Low
Confidence: 84%
Finding:
The documentation instructs users to load credentials from environment variables or a local credential file, but provides limited operational safety guidance beyond not publishing secrets publicly. In practice, local secret files are commonly over-shared, committed to repositories, or left with permissive filesystem access, which can expose API credentials and allow unauthorized use of the connected WeChat account.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.