Audio to WeChat Article

Security checks across malware telemetry and agentic risk

Overview

This skill coherently turns user-provided audio or text into local WeChat article drafts, with an optional user-requested handoff to a separate publishing workflow.

Install only if you are comfortable processing meeting audio, transcripts, images, and generated drafts locally. Review the produced markdown before any WeChat handoff, verify the separate transcription and WeChat posting workflows, and avoid publishing confidential meeting content without an explicit final approval step.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding:
The skill advertises file/shell-capable behavior through bundled scripts and workflow steps, but it does not declare permissions or user-visible boundaries for those capabilities. This is dangerous because users and orchestrators cannot accurately assess that local files may be read/written and shell commands may run during transcription or article generation, increasing the chance of unexpected data access or execution.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 88%
Finding:
The documented behavior overstates the skill's capabilities and omits important implementation details, including use of an external local transcription path and lack of actual WeChat publishing/QR integration. Such mismatches are security-relevant because users may provide sensitive meeting audio or publication intent under false assumptions about what data flows occur and what outputs or side effects will actually happen.

Missing User Warnings

Medium
Confidence: 90%
Finding:
The skill presents optional WeChat draft publishing without warning that content may be transmitted to an external platform and may affect a connected account. This is risky because users may unknowingly send confidential meeting transcripts, internal notes, or images outside the local environment, creating privacy, compliance, and publication-control issues.

Missing User Warnings

Medium
Confidence: 92%
Finding:
The handoff instruction to `baoyu-post-to-wechat` lacks any consent, disclosure, or account-impact warning despite initiating an external publishing workflow. In a skill that processes meeting audio and article drafts, this makes accidental external disclosure more dangerous because sensitive business content could be transferred or staged for publication without sufficiently informed user approval.

VirusTotal

65/65 vendors flagged this skill as clean.
