WeChat Official Account Draft Management

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat Official Account draft-management tool, with consequential publish/delete abilities that users should operate carefully.

Install only if you intend to let this skill manage a WeChat Official Account. Protect WECHAT_APPSECRET and ~/.config/channel/access_token.json, review media IDs before running publish or delete, and only pass article or image files you are comfortable uploading to WeChat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 88%
Finding: The skill declares environment variables but does not explicitly declare permissions despite documented capabilities including file access, shell execution, and network use. This weakens user consent and review because the skill can perform broader actions than its permission model communicates, especially when handling local files and authenticated API operations.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 91%
Finding: The documented behavior omits materially relevant actions: local cover generation via subprocess and uploading cover media to WeChat storage. Hidden or under-documented behavior is dangerous because users may not realize the skill invokes local tooling and transfers additional content to remote services beyond the core draft text workflow.

Missing User Warnings

Medium
Confidence: 84%
Finding: The delete command is presented without warning about permanence, confirmation, or recovery limitations. In a content-management skill, undocumented deletion behavior increases the risk of accidental destructive actions and irreversible loss of drafts.

Missing User Warnings

Medium
Confidence: 91%
Finding: The delete path performs an irreversible destructive action immediately when invoked, with no confirmation prompt, preview, or safety interlock. In an agent or automation context, a mistaken parameter, prompt injection, or accidental invocation could silently delete drafts from a production account.

Missing User Warnings

Medium
Confidence: 90%
Finding: The publish path submits content for publication without any explicit user confirmation or pre-action warning. In an agent-driven environment, this increases the risk of accidental or manipulated public posting of drafts, which can cause reputational damage and unintended disclosure.

VirusTotal

66/66 vendors flagged this skill as clean.
