wechat_articles: WeChat Public-Account Article Collector

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, searching for and reading WeChat public-account articles, but users should be aware that it installs browser/network dependencies and can fetch user-supplied URLs.

Install only if you are comfortable adding the listed Python packages and Chromium. Use it for WeChat public-account searches and mp.weixin.qq.com article links; avoid private search terms and do not point it at unrelated or internal URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

High (97% confidence)
Finding
The description uses mandatory and expansive trigger language such as '必须使用此 skill' ("must use this skill") and even says it should trigger when the user did not explicitly mention WeChat. This can cause unintended invocation, unnecessary network access, and routing away from safer or more appropriate skills, especially when user intent is ambiguous.

Missing User Warnings

Medium (89% confidence)
Finding
The function accepts an arbitrary URL and causes the host running the skill to make an outbound request with a real browser, but there is no validation, allowlist, or user-visible disclosure. In an agent context, this can be abused for server-side request forgery behavior, unexpected access to internal or sensitive network resources, or silent browsing to attacker-controlled sites that fingerprint the environment.

VirusTotal

64/64 vendors flagged this skill as clean.
