Security audit

WeChat Official Account Article Auto-Generation and Publishing

Security checks across malware telemetry and agentic risk

Overview

The skill does what it claims: it helps create WeChat public-account drafts, but users should treat its account credentials and draft submission steps carefully.

Install only if you intend to connect a WeChat public account. Keep wechat_credentials.json private and out of source control, verify that 112.8.202.216 is the correct outbound IP for your environment before whitelisting it, and review the article and cover before running publish.py because it creates persistent materials and a draft in the configured WeChat account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium (92% confidence)
Finding
The trigger phrases include broad terms like “写公众号文章” and “公众号草稿,” which can match ordinary content-writing requests rather than an explicit request to publish. That increases the risk of unintended activation of a skill that reads credentials and sends data to an external publishing platform.

Missing User Warnings

Medium (94% confidence)
Finding
The skill description emphasizes convenience but does not explicitly warn that article content, cover images, and credential-derived API requests are sent to external WeChat endpoints. Without that disclosure, users may unknowingly expose unpublished content or account-linked operations to a third-party service.

VirusTotal

60/60 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.