WeChat Official Account Operations Tool

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its WeChat publishing purpose, but it needs review because it handles account credentials/session state and includes unclear high-impact access guidance.

Install only if you are comfortable giving this skill access to WeChat Official Account publishing credentials. Do not whitelist IP 112.8.202.216 unless you know and trust the runtime that controls it; prefer whitelisting your own outbound IP. Store AppSecret and saved browser state outside shared or synced workspaces, exclude them from git, restrict file permissions, and rotate the AppSecret if it may have been exposed.

Publisher note

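A full-workflow skill for operating a WeChat Official Account. It covers every stage: topic research, content creation, image generation, content optimization, writing drafts directly to the draft box via the API, layout proofreading, scheduled publishing, and data analysis. It works together with skills such as humanizer, agent-browser, automation-workflows, baidu-search, and 多模态内容生成 (multimodal content generation). Trigger words: 公众号运营 (Official Account operations), 微信推文 (WeChat post), 公众号排版 (Official Account layout), 公众号发布 (Official Account publishing), 写推文 (write a post)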

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 82%
Finding
The trigger words include broad everyday phrases such as '写推文', which may activate the skill outside a clearly bounded WeChat Official Account context. Mis-triggering a skill with write/network/automation capabilities can cause unintended browsing, content generation, publication steps, or requests for credentials in unrelated conversations.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill instructs users to save browser login state and store AppID/AppSecret credentials in the workspace, but it provides no security controls, storage hardening guidance, access restrictions, or handling requirements for sensitive tokens and session files. In this context, saved auth state and credential files could enable account takeover, unauthorized publishing, or API abuse if the workspace is exposed or reused by other tools/skills.

Missing User Warnings

Medium
Confidence: 95%
Finding
The guide tells users to store the WeChat AppSecret in a plaintext JSON file but does not warn them to restrict file permissions, avoid committing it to source control, or use a safer secret-management mechanism. Because this skill automates official-account publishing and uses high-value API credentials, accidental disclosure could let an attacker access or abuse the linked Official Account API capabilities.

Missing User Warnings

Medium
Confidence: 84%
Finding
The document instructs users to place the WeChat app secret directly in a URL query string when requesting an access token, but it does not warn that URLs may be logged by shells, proxies, browser history, or monitoring systems. In a skill that automates publication workflows, this increases the chance that long-lived credentials are exposed during normal use.

VirusTotal

VirusTotal findings are pending for this skill version.
