Back to skill

Security audit

Wechat Article Search - 微信公众号文章搜索

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat article search scraper with optional link resolution, article-content fetching, and file output, but no hidden persistence, credential use, or destructive behavior was found.

Install only if you are comfortable running a web-scraping tool. Your search terms and optional content fetches will be sent to Sogou/WeChat, high-frequency use may trigger blocking or violate site rules, and dependencies should be installed in a controlled Python environment.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill documents network access and file output behavior but does not declare corresponding permissions, which weakens platform-level security controls and user/operator visibility. Undeclared capabilities make it easier for a seemingly simple search skill to perform broader actions than expected, including saving fetched data locally and making outbound requests to third-party sites.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The manifest presents the skill as a metadata search tool, but the documentation shows additional capabilities to resolve redirect links and fetch full article bodies. This mismatch can bypass user and reviewer expectations, expanding data collection and external interaction beyond the stated purpose and increasing privacy, compliance, and trust risks.

Description-Behavior Mismatch

Medium
Confidence
89% confidence
Finding
The documented behavior goes beyond article search metadata and includes retrieving full article content, which materially changes the skill's sensitivity and operational scope. Users invoking a search tool may not expect content scraping, and that extra capability can create copyright, data-handling, and policy exposure if used broadly.

Context-Inappropriate Capability

Medium
Confidence
87% confidence
Finding
Capturing and returning full article text is more invasive than the stated search use case and is not clearly justified by the declared purpose. Even if technically optional, this broadens the skill from discovery into content extraction, increasing legal, privacy, and misuse risk compared with simple result listing.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.