ClawHub

Wechat Markdown Html Render

Security checks across malware telemetry and agentic risk

Overview

This skill is a Markdown-to-HTML renderer with sample OpenClaw article content, and I did not find hidden execution, data theft, or unsafe persistence.

Install only if you want a local Markdown-to-HTML rendering helper. Review any sample articles before reusing or publishing them, and do not put secrets or sensitive personal data into Markdown files you plan to render or share.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Description-Behavior Mismatch

High
Confidence
98% confidence
Finding
The file output is materially unrelated to the declared skill purpose of rendering Markdown into polished HTML with WeChat-friendly theming. This kind of scope drift is dangerous because a user invoking a formatting skill could instead receive operational guidance that influences system configuration, model setup, or installation behavior outside the expected trust boundary.

Description-Behavior Mismatch

High
Confidence
95% confidence
Finding
The file content is unrelated to the declared Markdown-to-HTML rendering purpose and instead contains operational guidance for OpenClaw, including installation sources, local console access details, token URL format, and configuration commands. In a skill package, this kind of scope mismatch is dangerous because it can smuggle agent-operational or environment-specific instructions into a context where only presentation output is expected, increasing the risk of unauthorized guidance, social engineering, or prompt/instruction contamination.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The guide recommends configuring third-party model providers and external APIs but omits any warning that prompts, files, or conversation data may be transmitted to those services. In the context of an agent ecosystem, this can lead users to unknowingly expose sensitive business or personal data to external processors with different retention, training, or compliance policies.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The document encourages users to populate USER.md with personal information without cautioning that this content may be stored, reused in prompts, surfaced in logs, or sent to connected models and providers. That increases the chance of persistent sensitive-data exposure and over-collection beyond what is necessary for the task.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal