WeChat Official Account Automatic Formatting and Publishing --- One-Click Install

Security checks across malware telemetry and agentic risk

Overview

The skill appears aimed at WeChat publishing, but it stores a WeChat AppSecret and persistent workspace memory in ways users should review before installing.

Review this skill before installing. Use it only if you are comfortable granting it WeChat publishing credentials and persistent access to workspace memory. Prefer a secret manager or runtime environment variables over a plaintext .env file, restrict file permissions, delete the stored secret when done, and rotate the WeChat AppSecret if it may have been exposed. Do not allow it to read or save prior-session memory unless that retention is intentional.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill instructs the operator to collect a WeChat AppSecret and write it directly into a persistent .env file under the user's home directory without any explicit warning about the sensitivity of the credential, retention scope, rotation, or exposure risks. Even with chmod 600, long-lived plaintext storage increases the chance of accidental disclosure through backups, logs, workspace sharing, or later misuse by other agents/scripts in the same environment.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs the agent to read long-term and recent memory files that may contain ongoing tasks, feedback, and brand preferences, but provides no user notice, consent flow, or data-minimization boundary. This creates a privacy and confidentiality risk because the agent may access prior-session or cross-task context that the current user did not expect to be consulted.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill directs the agent to persist design tasks, review feedback, and brand preferences into memory files after each session without any transparent retention notice or opt-in mechanism. This is dangerous because it can silently accumulate sensitive business context and editorial feedback over time, enabling unintended disclosure, over-retention, or reuse in later interactions.

Session Persistence

Medium
Category
Rogue Agent
Content
Write the credentials into a secured configuration file:
```bash
mkdir -p ~/.openclaw/workspace-wechat-publisher
cat > ~/.openclaw/workspace-wechat-publisher/.env << 'EOF'
WECHAT_APP_ID=用户输入的AppID
WECHAT_APP_SECRET=用户输入的AppSecret
WECHAT_API_BASE=https://api.weixin.
```
Confidence
97% confidence
Finding
The matched content is the credential-writing snippet above, which persists the user-supplied WeChat AppID and AppSecret to a plaintext .env file inside the skill's workspace directory, where they survive across sessions.

VirusTotal

64/64 vendors flagged this skill as clean.
