ClawHub

WeChat Official Accounts API

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent JustOneAPI wrapper for WeChat Official Accounts data, with a real but disclosed credential-handling caveat.

Install only if you trust JustOneAPI with the WeChat article URLs, account IDs, keywords, and returned data you request. Use a scoped or low-privilege token if available, avoid sharing logs or screenshots containing full request URLs, and rotate the token if it may have appeared in shell history, process listings, proxy logs, or error output.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (12)

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The top-level description says the skill analyzes published posts, engagement metrics, and comments, but one operation also retrieves full article details/body content. That mismatch can mislead users or downstream policy layers about what data the skill can access and exfiltrate, reducing informed consent and weakening review controls.

Description-Behavior Mismatch

Medium
Confidence
93% confidence
Finding
The manifest description omits the keyword search/content discovery capability even though the API exposes a search endpoint. Hidden discovery functionality broadens surveillance and collection scope beyond what a user or reviewer would expect, which is risky in an agent skill that can be invoked automatically.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill places the API access token in the URL query string, which is commonly logged by clients, proxies, gateways, browser history, observability tooling, and upstream servers. Query-string credential transport increases the chance of accidental token disclosure and replay if logs or traces are exposed.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill forwards user-supplied article URLs, keywords, and account identifiers to a third-party API without any explicit disclosure or consent boundary. In this context, that can leak sensitive research targets, browsing interests, or internal identifiers to an external service, especially when combined with tokenized requests.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill requires an access token in the query string, which is commonly logged by clients, proxies, gateways, browser history, and server access logs. Putting credentials in URLs significantly increases accidental credential disclosure risk compared with using an Authorization header or secure secret mechanism.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends article URLs, keywords, account IDs, and resulting content to a third-party API, but the descriptions do not clearly warn users that these inputs and outputs leave the local environment. This lack of disclosure undermines informed consent and can cause unintended sharing of sensitive research targets, monitored accounts, or retrieved content.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
Requiring the access token in the query string is dangerous because query parameters are commonly logged by servers, proxies, browser history, monitoring tools, and referrer headers. This increases the chance of credential leakage and unauthorized API use, especially in agent ecosystems where requests may traverse multiple layers of observability tooling.

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
95% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
95% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
95% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
95% confidence
Finding
Access token

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
95% confidence
Finding
Access token

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal