Security audit

xiaofei自用-WeChat Article Scraper

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeChat scraping/import helper, but it uses anti-bot browser evasion and weak URL scoping, so users should review it before installing.

Install only if you are authorized to scrape the specific WeChat articles and are comfortable running local Chrome against remote pages. Use --dry-run first, restrict URLs to trusted mp.weixin.qq.com article links, verify any Feishu destination before creating or overwriting documents, and delete the image cache after use if the content is sensitive or copyrighted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
86% confidence
Finding
The skill advertises and instructs use of network access and shell-executed tooling such as Python and headless Chrome, but declares no corresponding permissions or environment requirements governing those capabilities. This creates a transparency and governance gap: users or platforms may approve the skill without understanding it will fetch remote content, invoke a browser, and write local artifacts.

Tp4

High
Category
MCP Tool Poisoning
Confidence
95% confidence
Finding
The documented behavior materially differs from the stated purpose: it explicitly uses browser fingerprint spoofing and anti-detection flags to bypass WeChat anti-scraping controls, while also overstating Feishu import and video handling behavior. This is dangerous because it hides policy-sensitive behavior from reviewers and users, and can facilitate unauthorized scraping or compliance violations under the guise of a benign import tool.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script intentionally configures headless Chrome with anti-detection flags to bypass anti-bot controls and then opens a user-supplied URL. In this skill context, that makes the behavior more concerning because it is not limited to a hardcoded trusted domain, enabling policy evasion and exposing the local environment to attacker-controlled web content through a full browser engine.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The markdown states that article content and images are downloaded locally and then written into Feishu, but it does not clearly warn users that third-party content will be copied to local storage and transferred to another platform. This can expose sensitive or copyrighted material to unintended retention, synchronization, or broader access in Feishu.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The workflow directs automatic local image downloads into a cache directory without clearly warning that files will persist on disk unless removed. In shared or managed environments, this can leave behind article media, metadata, or sensitive content that later users or processes can access.

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The tool loads user-supplied remote content in headless Chrome and captures the rendered DOM, which can cause the host to make network requests to attacker-controlled pages and process active web content. In an agent/tooling environment, that expands the trust boundary and can enable SSRF-like access, tracking, or abuse of the runtime's network position even if the hostname check is limited to a substring.

Natural-Language Policy Violations

High
Confidence
84% confidence
Finding
The skill explicitly markets itself as bypassing anti-bot detection, and the code uses evasion-oriented flags such as a spoofed user agent and AutomationControlled suppression. In this skill context, that makes the tool more dangerous because it is designed to defeat access controls and increases legal, policy, and abuse risk beyond ordinary scraping.

VirusTotal

66/66 vendors flagged this skill as clean.
