Security audit

Wechat Publisher DraftGet

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat draft-publishing helper that uploads user-selected article content and a cover image to the configured WeChat account.

Install only if you intend to let this skill create WeChat Official Account drafts. Before running publish.sh, confirm the article, cover image, title, author, and digest are safe to upload, protect the md2wechat credentials, and delete generated verification JSON files if they contain sensitive draft content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill clearly describes capabilities that read configuration files, write local artifacts, access environment-provided credentials, and make network calls to the WeChat API, but it does not declare corresponding permissions. This creates a permission-model mismatch: an operator or framework may treat the skill as lower-risk than it is, leading to unintended credential use, file access, or outbound publishing activity.

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding:
The file promotes automatic image upload and one-click publishing to an external platform without warning that local files and content will be transmitted off-host and potentially made publicly visible. In a publishing skill, this omission can cause users to exfiltrate sensitive images or unintentionally publish draft or private material because the action is framed as routine and low-friction.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The instructions tell the user to configure credentials but provide no warning that authentication material is sensitive or should be stored securely. In the context of an agent skill that publishes to an external account, weak guidance around credential handling increases the risk of token leakage, accidental commit of secrets, or misuse of the linked publishing account.

VirusTotal

57/57 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.