WeChat Official Account Article Formatting (微信公众号文章排版)

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent WeChat article formatter with an optional draft-upload workflow, but users should review content and account credentials before using the publishing feature.

Install only if you intend to format WeChat public-account articles. Keep WeChat credentials limited to the account you mean to use, review the generated preview first, prefer dry-run before publishing, and avoid publishing untrusted articles that contain remote or private-network image URLs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tainted flow: 'files' from requests.get (line 141, network input) → requests.post (network output)

Severity: Medium
Category: Data Flow
Content:
try:
            with open(image_path, "rb") as f:
                files = {"media": (filename, f, content_type)}
                resp = requests.post(url, files=files, timeout=30)

            data = resp.json()
            if "url" in data:
Confidence: 90%
Finding:
resp = requests.post(url, files=files, timeout=30)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger phrases are broad enough to match common requests like “排版”, “format”, or “美化文章”, which can cause the skill to activate outside the user's intended context. Because this skill reads files, transforms article content, opens previews, and may lead into publication flows, overbroad triggering increases the chance of unintended file access or accidental content processing.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill includes instructions to push content to a WeChat draft box, but it does not require an explicit warning that article content will be transmitted to an external service using stored credentials. This can lead to unintended data disclosure, accidental publication workflow initiation, or use of privileged WeChat credentials without informed user consent.

VirusTotal

67/67 vendors flagged this skill as clean.
