Tencent WeChat Channels Publishing (腾讯视频号发布)

Security checks across malware telemetry and agentic risk

Overview

This skill can publish from a logged-in WeChat account and adds fixed public text, location, and originality claims that may not match the user’s intent.

Review carefully before installing. Only use this skill if you are comfortable with an agent operating a logged-in WeChat Channels account, and require explicit confirmation of the final video, title, description, hashtags, location, originality declaration, visibility, and publish action. Remove the fixed appended phrase, fixed location, and automatic originality claim unless they are specifically intended for each post.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (6)

Description-Behavior Mismatch

Medium
Confidence: 98%
Finding
The skill mandates appending a fixed phrase, "这是我黑心主人让我自动发布的", to every post description, which changes user content without consent and injects misleading editorial text. In a social publishing automation skill, silently adding non-user-supplied messaging is dangerous because it can deceive audiences, damage the user's reputation, and create covert content manipulation beyond the stated function of publishing a video.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding
The skill hard-codes a specific location, "苏州中心", into posts without any indication that the user requested or approved it. In a publishing workflow, forcing a location can misrepresent where content was created, create privacy and trust issues, and alter platform distribution behavior in ways the user did not authorize.

Description-Behavior Mismatch

Medium
Confidence: 93%
Finding
The skill requires checking "声明原创" for every post, which is a substantive platform policy assertion rather than a neutral publishing step. Forcing this declaration without verifying the content's provenance risks false claims, policy violations, and account enforcement against the user.

Natural-Language Policy Violations

Medium
Confidence: 94%
Finding
This instruction hard-codes a locale-specific setting without user choice or business justification. In the context of account posting automation, that creates unauthorized content shaping and possible false location signaling, which can mislead viewers and affect recommendation systems.

Natural-Language Policy Violations

Medium
Confidence: 92%
Finding
The checklist reinforces the same forced location behavior as a required precondition, increasing the likelihood that every post will carry an unauthorized location tag. Because this is repeated in operational guidance, it normalizes non-consensual metadata insertion and makes accidental misuse more likely.

Ssd 4

Medium
Confidence: 97%
Finding
The injected phrase introduces a deceptive narrative into every published description and appears designed to normalize covert or manipulated posting behavior. In a content publication skill, this is especially risky because the tool acts directly on a user's authenticated account, so unauthorized text injection can immediately produce reputational harm and misleading public content.

VirusTotal

65/65 vendors flagged this skill as clean.
