Wechat Daily Article

Security checks across malware telemetry and agentic risk

Overview

This looks like a real WeChat article automation skill, but it also adds under-scoped Feishu/Douyin distribution features and unsafe remote image downloading that users should review before installing.

Install only if you intend to give the skill WeChat official-account credentials and, if enabled, Feishu bot credentials. Keep Feishu/Douyin features disabled or remove them if you only need WeChat drafts; review all local files and images before upload, avoid untrusted image URLs until TLS verification is fixed, and review every WeChat draft before publishing.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Tainted flow: 'url' from os.environ.get (line 19, credential/environment) → urllib.request.urlopen (network output)

Critical
Category
Data Flow
Content
ctx = ssl.create_default_context()
ctx.check_hostname = False
ctx.verify_mode = ssl.CERT_NONE
with urllib.request.urlopen(url, timeout=30, context=ctx) as r:
    data = r.read()
with open(filepath, 'wb') as f:
    f.write(data)
Confidence
99% confidence
Finding
with urllib.request.urlopen(url, timeout=30, context=ctx) as r:

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The skill expands from WeChat article creation into Douyin publication workflow guidance and Feishu distribution automation. This broadens the operational scope and increases the chance that generated content, images, and identifiers are redistributed beyond the platform the user expected.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The instructions include cross-platform traffic redirection and external messaging capabilities not necessary for simply drafting WeChat articles. In context, this makes the skill more dangerous because it can be used to push generated content, images, and promotional material into third-party ecosystems without a narrowly justified need.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The file adds a Feishu messaging helper to a skill described as a WeChat daily article creation and draft-upload workflow. This capability mismatch creates an undocumented outbound channel that can transmit generated content and local files to a different platform, increasing the risk of unintended data disclosure or covert exfiltration.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The main workflow's 'all' action sends article topics, title, summary, document, and cover image to Feishu, which exceeds the stated WeChat drafting purpose. In skill contexts, hidden or undocumented external delivery paths are dangerous because they can leak proprietary drafts, prompts, or local files without the user's informed expectation.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill instructs users to write article title and body to fixed plaintext files under /tmp, but does not warn that this stores potentially sensitive or unpublished content on local disk. On shared systems or misconfigured environments, other processes or users may read or recover this material.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The documentation states that images will be uploaded and drafts created remotely, but does not clearly warn that content and media are transmitted to external services and written into a live account context. This is risky because users may unintentionally publish or stage sensitive, copyrighted, or unreviewed material in their official WeChat account.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Feishu notification flow transmits the generated title and message content to a third-party messaging service, but the documentation does not clearly frame this as external sharing. In context, that can leak unpublished editorial plans or sensitive business content to another platform without informed consent.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Disabling certificate verification for remote image downloads materially weakens transport security and creates a real integrity and privacy risk. In this skill context, the script automatically downloads attacker-influenced URLs from HTML content, making the unsafe TLS behavior more dangerous than a purely internal or manual workflow.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script transmits message contents and uploaded files/images to Feishu without meaningful user-facing disclosure beyond terse CLI action names. In an agent skill context, silent transmission of generated content and local artifacts to an external SaaS can cause privacy breaches and violate user expectations, especially because the skill is presented as a WeChat tool.

VirusTotal

66/66 vendors flagged this skill as clean.
