WeChat Operation Manual (微信操作手册)

Security checks across malware telemetry and agentic risk

Overview

This skill is not clearly malicious, but it goes beyond WeChat Moments browsing by automating real messages and voice calls from the user's WeChat account.

Install only if you intentionally want an agent to control live WeChat communications. If you only need Moments browsing, remove or ignore the contact search, message sending, and voice-call sections, and require manual confirmation before any like, comment, message, or call is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 98%
Finding: The skill is scoped as a WeChat Moments browsing/interaction skill, but the documentation also includes contact search, direct messaging, and voice-call actions. These extra capabilities materially expand what an agent could do inside WeChat, enabling unsolicited communications or calls that are unrelated to the declared purpose and increase the chance of misuse or harmful side effects.

Context-Inappropriate Capability

Severity: High
Confidence: 99%
Finding: Voice-calling is unjustified for a Moments-only skill and is a high-risk action because it initiates real-time communication with another person. In an agent setting, this can trigger unwanted contact, privacy violations, social engineering opportunities, or user harm without adequate consent controls.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding: Direct message sending is outside the declared Moments functionality and allows the agent to communicate on the user's behalf. That creates risk of unauthorized messages, impersonation, accidental disclosure, or spam, especially because the instructions provide a ready-to-send example without any approval checkpoint.

Context-Inappropriate Capability

Severity: Medium
Confidence: 95%
Finding: Contact search in the chat window is not needed for browsing Moments and serves as an enabling step for unrelated communications actions. In context, it increases the agent's reach across private contacts and facilitates later misuse such as unauthorized messaging or calling.

Missing User Warnings

Severity: Medium
Confidence: 98%
Finding: The skill includes message sending and voice-calling actions without any explicit warning, approval gate, or confirmation requirement. For agent-driven UI automation, this is dangerous because it permits externally visible actions on behalf of the user with no built-in safeguard against accidental or unauthorized execution.

VirusTotal

64/64 vendors flagged this skill as clean.