WeChat MiniApp Deploy

Security checks across malware telemetry and agentic risk

Overview

This skill is a clear WeChat Mini Program deployment guide, but users must handle WeChat keys and AppSecret carefully.

Install only if you want an agent to help with WeChat Mini Program deployment. Keep CI private keys and AppSecret in a secret manager, do not paste them into prompts or commit them to a repo, redact CI logs, and prefer manual review submission unless API automation is truly needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium (89% confidence)
Finding
The skill’s stated scope is deployment via the official miniprogram-ci CLI, but it expands into direct use of the WeChat admin API and introduces app-secret handling for review submission. That broadens credential exposure and operational capability beyond what users would reasonably expect from a CI upload skill, increasing the chance that sensitive secrets are mishandled in shells, logs, or CI environments.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The example retrieves an access token using APPSECRET, which is a higher-sensitivity credential than the CI private key needed for code upload. Introducing broader credentials into a deployment skill violates least-privilege expectations and creates additional leakage paths through process lists, shell history, CI logs, and copied snippets.

Missing User Warnings

Medium (91% confidence)
Finding
The review-submission example sends APPSECRET to an external token endpoint but gives no explicit warning about secret handling, exposure in logs, or external transmission. Even though the destination is the legitimate WeChat API, the lack of safeguards makes it easy for users or agents to exfiltrate or mishandle sensitive credentials during automation.

VirusTotal

65/65 vendors flagged this skill as clean.
