Back to skill

Security audit

Wechat Control

Security checks across malware telemetry and agentic risk

Overview

The skill does what it says, but it can reuse a cached WeChat login and send messages or read chat metadata without built-in confirmation or tight scoping.

Install only on a trusted personal machine and only if you are comfortable letting an agent use your logged-in WeChat account. Verify recipient names and message text before invoking send, avoid shared or synced environments, and delete the cached loginInfo.pkl session when you no longer need persistent access.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The code enables persistent WeChat session reuse via hotReload=True without an explicit warning, consent flow, or controls for session lifecycle. If the host system or stored session artifacts are accessed by another local user or malware, the account could be reused without requiring a fresh QR-code login, increasing the risk of unauthorized messaging and metadata access.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.