Wechat Mp Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat Official Account content workflow with expected web research and local output files, and I found no hidden credential use, exfiltration, or automatic account posting.

Install only if you want a WeChat Official Account publishing assistant. Use it for public or authorized research sources, review drafts and publishing settings before posting, and do not store passwords, API tokens, cookies, or private user data in the local config or generated workspace files.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 81%
Finding: The manifest scope is framed around WeChat public account operations, but the documentation extends behavior to multi-platform distribution. Scope expansion increases the chance the skill will be used in contexts with different policies, credentials, and content-handling expectations than the user originally authorized.

Vague Triggers

Medium
Confidence: 90%
Finding: The top-level trigger phrases are broad enough to match ordinary writing, publishing, and self-media requests, which can cause unintended activation. Accidental invocation matters here because the skill includes network collection, workspace writes, and account/config handling behavior that users may not expect from a generic writing request.

Vague Triggers

Medium
Confidence: 89%
Finding: The decision-table keywords such as '采集', '发布', '数据', and '写文章' are ambiguous and overlap with many benign requests. Because the skill routes into scraping, file output, and publication-oriented flows, weakly constrained triggers increase the risk of over-collection or unintended operational actions.

Missing User Warnings

Medium
Confidence: 92%
Finding: The skill encourages collecting competitor content, platform data, comments, and trend information without warning about privacy expectations, terms-of-service restrictions, or downstream handling of scraped data. In a marketing-automation context, that omission makes misuse more likely and can expose users to compliance, contractual, or reputational harm.

Missing User Warnings

Medium
Confidence: 96%
Finding: The skill instructs storing WeChat Official Account configuration data locally in `workspace/wechat_config.json` without any warning about sensitive information handling, encryption, access controls, or secret minimization. Account metadata, identifiers, and any future expansion to tokens or publishing settings can turn this file into a local secret store vulnerable to leakage, reuse, or accidental inclusion in generated outputs.

VirusTotal

65/65 vendors flagged this skill as clean.