Security audit

WeChat Official Accounts Article Comments API

Security checks across malware telemetry and agentic risk

Overview

The skill appears to do the advertised WeChat comments lookup, but it handles the required API token in exposure-prone ways that users should review before installing.

Install only if you trust JustOneAPI and are comfortable with the token exposure risk in this version. Use a low-scope token if available, avoid logging command lines or request URLs, rotate the token if exposure is suspected, and treat returned commenter data as potentially personal information.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill defines the API access token as a query parameter and later appends all query parameters into the request URL. Query-string credentials are commonly exposed through logs, browser/history tooling, proxy infrastructure, monitoring systems, and error telemetry, making accidental credential disclosure more likely even when HTTPS is used.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill requires a sensitive API token in a query parameter, which is risky because query strings are commonly logged by clients, proxies, gateways, browser history, and monitoring systems. The manifest also lacks any warning or safer handling guidance, increasing the chance that integrators expose the token unintentionally.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The operation explicitly states it returns commenter details, comment text, and timestamps, which are potentially sensitive personal data, but the skill documentation provides no privacy warning, usage constraints, or guidance on lawful handling. In an agent context, this omission can lead downstream users or automations to collect, analyze, or redistribute personal data without adequate notice, minimization, or consent considerations.

Credential Access

High
Category
Privilege Escalation
Content
"parameters": [
        {
          "defaultValue": null,
          "description": "Access token for the API.",
          "enumValues": [],
          "location": "query",
          "name": "token",
Confidence
93% confidence
Finding
Access token

VirusTotal

62/62 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.secret_argv_exposure

Instructions pass high-value credentials through process argv.

Critical
Code
suspicious.secret_argv_exposure
Location
SKILL.md:41