ClawHub

微信公众号文章抓取 (Jeff版)

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it fetches WeChat articles and saves them locally as Markdown with optional images, with some ordinary operational caveats.

Install only if you are comfortable running a Python scraper with browser automation. Use it for WeChat articles you are allowed to archive, keep output in a dedicated directory, review unpinned dependencies, and delete the output/debug folder if it may contain article content you do not want retained.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill documentation exposes capabilities to read/write local files and access the network, but it does not declare any permissions or constraints for those operations. This creates a transparency and policy-enforcement gap: an agent or reviewer cannot easily determine the intended trust boundary, and a skill that fetches arbitrary URLs and writes output to disk can be abused for unintended data access, unsafe downloads, or overwriting files if invoked carelessly.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger description is broad enough that the skill may activate on loosely related requests involving WeChat articles without clear boundaries or safety checks. In context, this matters because the skill performs network fetching and local file writes, so over-triggering could cause unintended retrieval of untrusted content, unnecessary browser automation, or writing data to disk when the user did not explicitly want those actions.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
When parsing or CAPTCHA handling fails, the tool writes the full fetched HTML to a local debug file. That HTML can contain private article content, embedded tokens, tracking parameters, or user-visible data that the operator did not realize would be persisted, creating an unintended local data exposure risk. In this skill context, the tool is specifically designed to fetch third-party web content, so automatically saving raw pages makes the issue more relevant rather than less.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal