WeChat Article Summarize

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches user-provided WeChat articles, summarizes them with a local summarizer, and saves markdown reports, with some privacy and configuration caveats.

Install only if you trust the local summarize command and its configured provider. Use real public WeChat article URLs, choose an output/work directory where storing full article copies is acceptable, and avoid untrusted env files or environments containing unrelated secrets.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 97%
Finding
The markdown output always states 'summarize 状态: ok' and labels the section as a full summary even though the script merely reads whatever is in the summary JSON and does not verify that summarization actually succeeded or produced meaningful content. In this skill context, users rely on the generated markdown as a trustworthy report, so false success indicators can mislead downstream decisions, hide pipeline failures, and create integrity issues in automated or semi-automated reporting workflows.

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The script imports arbitrary key/value pairs from a user-supplied env file directly into the process environment before launching the external summarizer. This lets an attacker influence downstream behavior through variables such as API keys, proxy settings, library configuration, or provider-specific environment flags, which can redirect network traffic, alter model backends, or expose secrets to the child process.

Missing User Warnings

Medium
Confidence: 97%
Finding
The code forwards the full inherited environment to an external summarizer process using os.environ.copy() without minimizing or disclosing what is sent. In an agent skill context, environment variables often contain API keys, tokens, cloud credentials, or proxy settings; giving all of them to a subprocess unnecessarily broadens the attack surface and can leak secrets if the child tool logs, transmits, or is compromised.

VirusTotal

62/62 vendors flagged this skill as clean.
