Wechat Assistant

Security checks across malware telemetry and agentic risk

Overview

This WeChat assistant is mostly coherent, but it handles private chats and stores message data with too little privacy scoping or retention control.

Install only if you are comfortable granting local automation access to an already logged-in WeChat desktop session. Use it on chats you are authorized to process, choose narrow contact/count scopes, store exports in a protected folder, delete reply_history.json and kb_data.json when no longer needed, and review every generated reply before any real send action.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%
Finding: The script accepts an arbitrary --output path and writes captured private chat data to that location without constraining the destination to a safe application directory. In the context of a chat-capture skill, this broad file write capability increases the risk of overwriting unintended files or placing sensitive exports in insecure locations, especially if another component supplies the path.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding: The trigger conditions are broad enough to match generic requests like analyzing chats, managing relationships, or planning reminders, which can cause the skill to activate outside a clearly bounded WeChat-automation context. Overbroad activation increases the risk that sensitive conversational data is collected or acted on when the user did not specifically intend WeChat scraping or reply automation.

Missing User Warnings

Severity: High
Confidence: 97%
Finding: This skill is centered on capturing and analyzing private WeChat chat records, yet it does not prominently warn users about privacy, consent, sensitive personal data, or compliance risks. In this context, the omission is especially dangerous because chat histories may contain personal, financial, business, or third-party information, and users may not appreciate the consequences of collecting, storing, analyzing, and potentially reusing that data.

Missing User Warnings

Severity: Medium
Confidence: 86%
Finding: The specification explicitly defines a workflow for generating, approving, and sending WeChat replies, but it does not require any privacy notice, consent check, or explicit warning about the consequences of automated outbound messaging. In the context of a skill that analyzes private chat histories and can act on behalf of the user, this omission increases the risk of privacy misuse, unintended disclosure, and accidental or socially harmful message sending.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The script persists reply history to reply_history.json, including contact identifiers, input messages, candidate replies, and audit results, without notice, minimization, retention controls, or access protections. In the context of a WeChat assistant handling private chats, this creates a meaningful privacy and data exposure risk if the host is shared, compromised, or backed up insecurely.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: This script captures private WeChat messages and persists them to disk as JSON without any user-facing privacy notice, consent gate, data minimization, or retention control. Because chat histories often contain sensitive personal and business information, silent export to a file materially increases privacy and data leakage risk.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding: The learn_from_conversation path persists raw user_input and agent_response to a local JSON knowledge-base file without any consent check, notice, redaction, retention control, or access restriction. In the context of a WeChat assistant, these samples can contain highly sensitive personal or business chat content, so silent storage materially increases privacy and data-handling risk.

VirusTotal

VirusTotal findings are pending for this skill version.