lanreneditor-pro

Security checks across malware telemetry and agentic risk

Overview

This skill is a real WeChat publishing integration, but its broad triggers and thin confirmation flow create a meaningful risk of unintended account-affecting actions.

Install only if you trust the publisher and the configured SaaS endpoint. Use a dedicated revocable API key, avoid confidential drafts, and require a manual review of the exact article, assets, template, target account, and destination platforms before any publish, distribute, or clear-materials action.
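The review-before-action requirement above can be enforced mechanically rather than left to the agent's judgement. The following Python is an added example, not code from the skill or from SkillSpector: it classifies each HTTP action by side effect, refuses endpoints the manifest never declared (the DELETE /api/skill/materials case in the first finding below), and binds human approval to a digest of the exact request, so an approval given for one draft cannot be replayed for a changed draft, another target account, extra destination platforms, or a different action. Every endpoint path other than DELETE /api/skill/materials, the WEMD_API_KEY variable name, and the review-secret mechanism are assumptions made for the demonstration.

```python
"""Confirmation gate for side-effecting skill actions (added illustration,
not the skill's own code).

Human approval is bound to a digest of the exact request: action, target
account, article, assets, template and destination platforms. An approval
for one request therefore cannot be replayed for a changed draft, another
account or a different action. Everything except DELETE /api/skill/materials
(named in the scan) is assumed for the demonstration.
"""
import hashlib
import hmac
import json
import os
from dataclasses import asdict, dataclass
from typing import Optional, Tuple

# Assumed catalogue of the skill's HTTP actions, classified by side effect.
SIDE_EFFECTS = {
    ("GET", "/api/skill/quota"): "read",
    ("POST", "/api/skill/preview"): "read",
    ("POST", "/api/skill/draft"): "external_write",       # publish to draft box
    ("POST", "/api/skill/distribute"): "external_write",  # multi-platform distribution
    ("DELETE", "/api/skill/materials"): "destructive",    # clears collected materials
}


@dataclass(frozen=True)
class ActionRequest:
    method: str
    path: str
    target_account: str
    title: str = ""
    body_sha256: str = ""   # digest of the article body; the body itself stays out of the gate
    assets: tuple = ()      # asset identifiers the caller resolved
    template: str = ""
    platforms: tuple = ()   # destination platforms

    def digest(self) -> str:
        # Canonical JSON so the same request always yields the same digest.
        canon = json.dumps(asdict(self), sort_keys=True, ensure_ascii=False)
        return hashlib.sha256(canon.encode("utf-8")).hexdigest()

    def review_summary(self) -> str:
        """Exactly what the human must read before approving."""
        return (f"{self.method} {self.path} on account {self.target_account!r}: "
                f"title={self.title!r} assets={list(self.assets)} "
                f"template={self.template!r} platforms={list(self.platforms)} "
                f"body={self.body_sha256[:12] or '-'}")


class ActionGate:
    def __init__(self, review_secret: bytes) -> None:
        self._secret = review_secret   # held by the confirmation UI, not by the agent

    def approve(self, req: ActionRequest) -> str:
        """Issue an approval token; call only after a human read req.review_summary()."""
        return hmac.new(self._secret, req.digest().encode(), hashlib.sha256).hexdigest()

    def authorize(self, req: ActionRequest, approval: Optional[str] = None) -> Tuple[bool, str]:
        kind = SIDE_EFFECTS.get((req.method, req.path))
        if kind is None:
            # Capabilities that exist only in the prompt, not in the manifest, are refused.
            return False, "undeclared endpoint; refuse rather than trust the prompt"
        if kind == "read":
            return True, "read-only, no approval needed"
        if approval is None:
            return False, f"{kind} action needs a reviewed and approved request"
        if not hmac.compare_digest(self.approve(req), approval):
            return False, "approval does not match this exact request"
        return True, f"{kind} action approved for request {req.digest()[:12]}"


def api_key_fingerprint(env_var: str = "WEMD_API_KEY") -> str:
    """Load the key from the environment; return only a loggable fingerprint, never the key."""
    key = os.environ.get(env_var, "")
    return "missing" if not key else "sha256:" + hashlib.sha256(key.encode()).hexdigest()[:12]


if __name__ == "__main__":
    gate = ActionGate(review_secret=os.urandom(32))
    draft = ActionRequest("POST", "/api/skill/draft", target_account="acct-demo",
                          title="Demo post", body_sha256=hashlib.sha256(b"draft text").hexdigest(),
                          assets=("cover-1",), template="default", platforms=("wechat",))
    print(draft.review_summary())
    print(gate.authorize(draft))            # refused: nothing approved yet
    token = gate.approve(draft)             # issued after the human reviewed the summary
    print(gate.authorize(draft, token))     # allowed
    wider = ActionRequest(**{**asdict(draft), "platforms": ("wechat", "other-platform")})
    print(gate.authorize(wider, token))     # refused: the request changed
    print("api key:", api_key_fingerprint())
```

The point of hashing the whole request rather than asking a yes/no question is that the approval travels with the content: adding a platform, switching the account, or swapping the publish call for the materials-clearing DELETE all produce a different digest and therefore a fresh review.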

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (18)

Intent-Code Divergence (Medium, 89% confidence)

The system prompt authorizes a destructive capability (DELETE /api/skill/materials) that is not declared in the manifest’s user-facing commands. This creates hidden tool behavior and can cause unexpected mass deletion of collected content if the agent follows the prompt rather than the declared interface.

Missing User Warnings (Medium, 87% confidence)

The document shows a realistic-looking API key format (`wemd_xxxxx...` / `wemd_xxxxxxxxxxxxxxxx`) in configuration examples without explicitly labeling it as a dummy placeholder or warning users not to reuse or expose it. In credential-handling documentation, realistic secrets can be copied into configs, screenshots, or repositories and may train unsafe habits around secret management, increasing the risk of accidental credential disclosure.

Missing User Warnings (Medium, 82% confidence)

The example encourages publishing content to a public-platform draft box but does not clearly warn that article body text, title, metadata, and possibly linked assets will be transmitted to an external SaaS endpoint. In an agent skill context, users may assume a local action and unintentionally send sensitive or proprietary content to a third-party service.

Missing User Warnings (Medium, 88% confidence)

The document instructs users to send article content and metadata to an external publishing service and potentially on to a public WeChat account, but it does not clearly warn about privacy, confidentiality, or publication consequences. This can lead users to submit sensitive drafts, personal data, or proprietary content without informed consent about external processing and public exposure.

Missing User Warnings (Medium, 89% confidence)

The marketing copy promotes one-click publishing to a public account and shows success/progress flows, but it does not mention any review, confirmation, or safeguards before content is released. In a skill that can affect public-facing communications, this can normalize accidental or premature publication, including AI-generated mistakes, brand-damaging content, or disclosure of sensitive information.

Vague Triggers (Medium, 89% confidence)

The documented natural-language triggers are broad everyday phrases such as asking to write, preview, or query quota, which can easily overlap with normal conversation. In a skill that can generate and publish content to a public account, this increases the risk of accidental invocation and unintended external actions.

Missing User Warnings (Medium, 94% confidence)

The quickstart describes publishing generated or formatted content to a WeChat public account (公众号) but does not warn users that the skill may modify external content or perform public posting. In this context, omitting the warning is risky because users may trigger publication without appreciating the real-world impact, causing accidental or unauthorized posts.

Vague Triggers (Medium, 91% confidence)

The example utterances are generic writing requests such as '写一篇关于人工智能的文章' ("write an article about artificial intelligence") and '帮我写个美食探店文案' ("help me write a restaurant-review post") that strongly overlap with ordinary chat behavior, yet this skill can progress into publishing content to a connected WeChat account. In an agent environment, overly broad natural-language triggers increase the chance of unintended activation and accidental account-affecting actions, especially when the skill supports one-click publication and multi-step workflows.

Missing User Warnings (Medium, 88% confidence)

The README advertises direct publication to a WeChat public-account draft box as a core capability but does not emphasize that this is an account-impacting external action requiring deliberate user consent. In skill ecosystems, missing warnings and consent expectations can lead to accidental posting, misuse of connected accounts, or users misunderstanding that routine content generation may trigger publication steps.

Missing User Warnings (Medium, 90% confidence)

The setup instructions ask users to configure SaaS endpoints, API keys, gateway URLs, and optionally OpenAI credentials, but provide no guidance on secret handling or the privacy implications of transmitting article content and metadata to external services. This creates a realistic risk of credential leakage, unsafe storage practices, and unintentional disclosure of sensitive content to third-party platforms used for formatting, cover generation, or publication.

Missing User Warnings (Medium, 89% confidence)

The skill explicitly supports article fetching, draft publishing, and multi-platform distribution, but it does not clearly warn users that content, metadata, and possibly linked account data will be transmitted to external services. In a content-publishing skill, this creates meaningful privacy and unintended-disclosure risk because users may assume local processing or may not realize that third-party publication actions are involved.

Missing User Warnings (Medium, 95% confidence)

The documentation instructs users to generate and use an API key but provides no warning that the key is a sensitive secret that must not be exposed in prompts, logs, screenshots, or shared skill configurations. This is dangerous because compromise of the key could allow unauthorized access to publishing, content-processing, and account-linked operations.
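As an added example covering both the placeholder-key finding earlier on this page and the key-handling finding above (this is not code from the skill or its documentation), the following Python scans configuration, documentation and log text for tokens of the `wemd_` shape, separates documentation placeholders from values that look like live keys, and masks the latter before they reach logs, screenshots or prompts. It assumes real keys are `wemd_` followed by at least 16 alphanumerics, as the documented format `wemd_xxxxxxxxxxxxxxxx` suggests; the placeholder test is an entropy heuristic, the `WEMD_API_KEY` variable name and Bearer header are assumptions, and the sample text is constructed.

```python
"""Detecting and redacting wemd_ API keys in config, docs and log text
(added illustration, not the skill's code).

Assumes a real key is "wemd_" plus at least 16 alphanumerics, as the
documented example wemd_xxxxxxxxxxxxxxxx suggests. The placeholder test is
a heuristic: all-x bodies and very low-entropy bodies are treated as
documentation dummies, everything else as a probable live key.
"""
import math
import re
from collections import Counter

KEY_RE = re.compile(r"\bwemd_[A-Za-z0-9]{16,}\b")


def shannon_entropy(s: str) -> float:
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def classify(token: str) -> str:
    """'placeholder' for documentation dummies, 'likely_real' otherwise."""
    body = token[len("wemd_"):]
    if set(body.lower()) <= {"x"} or shannon_entropy(body) < 2.0:
        return "placeholder"
    return "likely_real"


def find_keys(text: str) -> list:
    """Every wemd_-shaped token in the text with its classification, in order."""
    return [(m.group(0), classify(m.group(0))) for m in KEY_RE.finditer(text)]


def redact(text: str) -> str:
    """Mask likely-real keys, keeping the last 4 characters so log lines stay correlatable."""
    def mask(m):
        tok = m.group(0)
        if classify(tok) == "placeholder":
            return tok                      # leave documented dummies readable
        return "wemd_" + "*" * (len(tok) - 9) + tok[-4:]
    return KEY_RE.sub(mask, text)


# Constructed sample: a docs line, a config line and an agent log line.
# The "live" key here is made up for the example.
SAMPLE = """\
# docs: WEMD_API_KEY=wemd_xxxxxxxxxxxxxxxx   (placeholder from the README)
api_key = "wemd_Q7kd92Lm3ZpX8aRt"
2024-01-01T00:00:00Z POST /api/skill/draft Authorization: Bearer wemd_Q7kd92Lm3ZpX8aRt
"""

if __name__ == "__main__":
    for tok, kind in find_keys(SAMPLE):
        print(f"{kind:12} {tok}")
    print(redact(SAMPLE))
```

Run `find_keys` over a repository or a skill configuration directory before sharing it and over agent transcripts before they are stored; anything classified `likely_real` that was not meant to be there is a key to rotate, not just to delete.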

Missing User Warnings (Medium, 93% confidence)

The skill exposes a destructive DELETE operation to clear stored materials without an explicit warning that the action removes previously saved content and may be irreversible. In an agent context, ambiguous destructive actions increase the chance of accidental data loss from casual or misinterpreted user requests.

Missing User Warnings (Medium, 91% confidence)

The one-click pipeline and distribution/publish flows can trigger several remote processing steps and external publication actions in sequence, but the documentation does not clearly warn users that a single request may upload content, generate assets, and distribute to external platforms. This increases the risk of unintended disclosure, surprise billing/quota usage, and accidental publication at scale.

Missing User Warnings (Medium, 95% confidence)

The documented flow presents generating content and publishing to a public WeChat account, including image uploads, as a seamless process without an explicit side-effect warning or a final confirmation gate immediately before external publication. This increases the risk of users unintentionally causing real-world external actions, especially when content, images, and account selection may be inferred from conversational context.

Missing User Warnings (Medium, 97% confidence)

The command-based flow shows `/publish` triggering publication directly and reporting success without documenting a safety interstitial or confirmation for external effects. In command mode, the risk is higher because compact syntax can hide consequential actions, making accidental publication or misuse through copied commands more likely.

Vague Triggers (High, 95% confidence)

The intent triggers include broad phrases like publishing, writing, and WeChat-related requests that can match ordinary conversation rather than explicit opt-in to this skill. In a skill with network access, content generation, and publishing/distribution actions, overbroad activation materially raises the risk of unintended execution and downstream external side effects.

Vague Triggers (High, 97% confidence)

Single-word and short ambiguous triggers such as '预览一下' ("preview it"), '分发' ("distribute"), '写文章' ("write an article"), '封面图' ("cover image"), and '管线' ("pipeline") are highly likely to collide with normal user requests. Because this skill can fetch content, transform it, and distribute it over network APIs, ambiguous activation can cause accidental data processing or progression toward publishing workflows without clear user intent.
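The collision risk described in this finding and in the earlier example-utterance finding can be measured instead of asserted. The following Python is an added example, not code from the skill or from SkillSpector: it runs the quoted triggers against a constructed set of ordinary Chinese requests, counts how many benign utterances each trigger fires on when no explicit publishing intent is present, and shows an activation policy that proceeds only when the user also names the skill, the target platform, or the slash command. The trigger 发布 ("publish"), the explicit-intent markers, and the benign corpus are assumptions made for the demonstration.

```python
"""Trigger-breadth audit for a content-publishing skill (added illustration,
not the skill's or the scanner's code).

Counts, per documented trigger, how many ordinary requests it would fire on
with no explicit publishing intent, and shows a policy that activates only
when the user also names the skill, the target platform or the command.
"""

# Short triggers quoted in the scan report, plus 发布 ("publish"), which the
# report describes as a broad trigger but does not quote verbatim (assumption).
TRIGGERS = ["预览一下", "分发", "写文章", "封面图", "管线", "发布"]

# Assumed markers of explicit opt-in: the skill name, the target platform
# (公众号 = WeChat official account) or the slash command.
EXPLICIT_MARKERS = ["lanreneditor", "公众号", "/publish"]

# Constructed benign corpus: everyday requests with no publishing intent.
BENIGN = [
    "帮我预览一下这个PDF的内容",      # preview this PDF for me
    "这份报告怎么分发给团队",         # how do I distribute this report to the team
    "老师让我写文章，给点建议",       # my teacher asked me to write an essay, any tips
    "做一张小说的封面图",             # make a cover image for a novel
    "Linux 里管线怎么用",             # how do pipelines work in Linux
    "这个版本什么时候发布",           # when is this release being published
    "今天天气怎么样",                 # what's the weather today
]


def matched_triggers(utterance: str, triggers=TRIGGERS) -> list:
    """Triggers that fire on the utterance under plain substring matching."""
    return [t for t in triggers if t in utterance]


def has_explicit_intent(utterance: str, markers=EXPLICIT_MARKERS) -> bool:
    return any(m.lower() in utterance.lower() for m in markers)


def decide(utterance: str) -> tuple:
    """'activate' only when a trigger fires AND the user named the skill/target;
    'ask' when a trigger fires without that; 'ignore' when nothing fires."""
    hits = matched_triggers(utterance)
    if not hits:
        return "ignore", hits
    if has_explicit_intent(utterance):
        return "activate", hits
    return "ask", hits


def audit(triggers=TRIGGERS, corpus=BENIGN) -> dict:
    """Per trigger, the number of benign utterances it fires on without explicit intent."""
    collisions = {t: 0 for t in triggers}
    for u in corpus:
        if has_explicit_intent(u):
            continue
        for t in matched_triggers(u, triggers):
            collisions[t] += 1
    return collisions


if __name__ == "__main__":
    for t, n in audit().items():
        label = "OVERBROAD" if n else "ok"
        print(f"{label:9} {t!r}: fires on {n}/{len(BENIGN)} benign utterances")
    print(decide("写文章"))                                   # ask, not activate
    print(decide("用 lanreneditor 把这篇文章发布到公众号"))    # activate
```

With a larger corpus of real chat history the per-trigger counts become a usable acceptance test for a skill manifest: any trigger that fires on benign traffic should either be removed or demoted to the 'ask' path, so that a bare '写文章' never reaches the publish and distribute steps on its own.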

VirusTotal

60/60 vendors reported this skill as clean; no vendor flagged it.