ClawHub

创建公众号文章合集_无限

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for creating WeChat Official Account article collections, but it can act on a live account and handle session tokens without enough guardrails.

Install only if you intentionally want an agent to operate inside your WeChat Official Account backend. Use an isolated browser profile where possible, review the collection name and description yourself, require manual confirmation before the final publish click, and avoid sharing logs or screenshots that include token-bearing WeChat URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill directs the agent to click a final "发布" action that creates and publishes a collection in a live WeChat Official Account, but it does not require an explicit user confirmation immediately before that irreversible state-changing action. In an agent context, this increases the risk of unintended publication or modification of production account content if the skill is triggered ambiguously or with incomplete user awareness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs extraction and reuse of the WeChat backend token from a redirected URL without labeling it as a sensitive session credential or constraining how it may be handled. In practice, such tokens can enable authenticated actions in the user's account, so normalizing their collection and reuse without secrecy guidance raises the risk of credential leakage through logs, screenshots, error messages, or reuse outside the intended session.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal