WeChat Article Download API

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WeChat article downloader that uses a documented third-party API and saves the chosen outputs locally.

Install only if you are comfortable sending the article URLs you provide to down.mptext.top and saving the returned content on disk. Avoid confidential, internal-only, share-restricted, or copyright-sensitive links unless you trust that service and have permission to process them; use a deliberate output directory and basename.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The README explicitly directs users to send WeChat article URLs to a third-party public API, but does not disclose that article links and related request metadata will be transmitted off-platform. This can expose private, unlisted, or sensitive research targets to an external service and may create privacy, compliance, or data-handling risks for users who assume processing is local.

Missing User Warnings

Low

Confidence: 82% confidence
Finding: The skill documentation encourages downloading remote article content and batch-saving it to local files without warning that it creates files on disk or that the saved content is untrusted remote data. This can mislead users into writing unexpected files, overwriting existing content, or handling sensitive/copyrighted material without understanding the implications.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal