Back to skill

Security audit

wechat-article-reader

Security checks across malware telemetry and agentic risk

Overview

This is a straightforward WeChat article reader, but its URL validation is too loose and could fetch non-WeChat or internal URLs if given a crafted link.

Install only if you are comfortable with a local Python script fetching article URLs over the network. Use genuine https://mp.weixin.qq.com/s/... links, and prefer an updated version that parses the URL and requires the hostname to be exactly mp.weixin.qq.com before fetching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
92% confidence
Finding
The skill instructs the agent to fetch content from arbitrary `mp.weixin.qq.com` URLs over the network, but the skill metadata does not declare any corresponding network permission. Undeclared capabilities are dangerous because they bypass least-privilege review and make it harder for operators to understand what external access the skill can perform.

Vague Triggers

Medium
Confidence
78% confidence
Finding
The trigger guidance includes broad natural-language phrases such as '帮我看看这篇' when accompanied by a link, which can cause the skill to activate in contexts broader than intended. Overbroad invocation increases the chance of unintended network fetches and data handling, especially if the agent auto-runs the skill without strong user confirmation.

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.