WeChat Group Operator

Security checks across malware telemetry and agentic risk

Overview

This skill is clearly meant to automate WeChat group posts, but it can send real scheduled messages through an external unreviewed sender with limited safeguards.

Review the external wechat-desktop-sender script before installing or running real sends. Confirm the logged-in WeChat account, edit the group whitelist carefully, run dry runs first, and only enable cron if unattended scheduled posts to those groups are acceptable. Avoid storing sensitive group names or message content in the content pools or history file.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises execution of a Python script, reads and updates JSON assets, and is intended for cron-based automation, which implies file read, file write, and shell/process execution capabilities. Having these effective capabilities without an explicit permissions declaration weakens reviewability and guardrails, making it easier for the skill to be over-privileged or invoked in ways the user does not fully understand.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill supports real posting to WeChat groups and recommends attaching the workflow to cron, but it does not prominently warn about unintended sends, spam-like behavior, disclosure of group activity patterns, or the risk of posting to the wrong group/content at scale. In a messaging context, automation mistakes can immediately affect real users and group communications, especially once scheduling is enabled.

Missing User Warnings

Medium
Confidence
79% confidence
Finding
The script can send messages to one or many enabled WeChat groups immediately, with no interactive confirmation, recipient review, or rate-limiting in the code path. In an automation context, this increases the risk of accidental mass messaging, wrong-target delivery, or misuse if the skill is triggered unexpectedly.

Missing User Warnings

Low
Confidence
85% confidence
Finding
The code persists posting history including group names and full message content to disk, which may expose sensitive operational data or private group communications to other local users, backups, or later compromise. Because this is a messaging automation skill, the stored content can reveal campaign plans, community membership, and conversation material.

VirusTotal

67/67 vendors flagged this skill as clean.
