Security audit

Wechat Automation

Security checks across malware telemetry and agentic risk

Overview

This skill sends Enterprise WeChat messages as advertised, but it needs review because it can expose the webhook secret and may notify an entire chat by default.

Install only after reviewing the destination chat and webhook key handling. Do not send secrets, personal data, stack traces, or sensitive incident details through this skill; avoid shared terminals or CI for the shell test unless the key is masked or rotated; and account for the default everyone-mention behavior before using it in active enterprise groups.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README instructs users to send arbitrary text, markdown, and alert data to a WeCom/WeChat webhook but does not clearly disclose that operational data, error messages, and potentially sensitive content will be transmitted to an external third-party service. This can lead users to unintentionally exfiltrate secrets, internal system details, or personal data through example code and automation workflows, especially in monitoring and scheduled notification scenarios.

Missing User Warnings

Medium
Confidence: 84%
Finding
The guide instructs users to place multiple live secrets, including a corporate secret and webhook key, into a local .env file with only a brief warning not to commit it to Git. While storing secrets in environment files is common, the guidance is incomplete because it does not address secret rotation, access control, secure local storage, example placeholders versus real values, or risks of leaking the file through logs, screenshots, archives, or support sharing.

Missing User Warnings

Medium
Confidence: 94%
Finding
The document tells users to run privileged package-install commands and pipes a remotely fetched script directly into sudo bash. This is dangerous because it grants root execution to unaudited network content and can lead to full system compromise if the source, transport, mirror, or command is tampered with.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill explicitly instructs users to configure an Enterprise WeChat webhook key and use it to send messages, but it does not clearly warn that this causes outbound network transmission to an external messaging platform. In an automation context, users may unknowingly route internal or sensitive content outside the local environment, increasing the risk of accidental data disclosure or misuse of organizational chat channels.

Missing User Warnings

Medium
Confidence: 91%
Finding
The documentation promotes scheduled message sending via cron without warning that this enables unattended outbound actions. If configured improperly, the skill could repeatedly send sensitive, incorrect, or spammy content to enterprise chat groups without real-time user review, causing data leakage, operational disruption, or reputational harm.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script prints the full webhook URL, which includes the secret key, directly to stdout. This can expose the credential in terminal history, CI logs, screen recordings, or shared troubleshooting output, allowing anyone who obtains the key to send messages to the enterprise WeCom webhook.

VirusTotal

66/66 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.