wechat-summary2

Security checks across malware telemetry and agentic risk

Overview

This skill fetches a user-provided article link and summarizes it, with no evidence of hidden data access, persistence, or destructive behavior.

Install this if you want help summarizing WeChat articles. Be aware it may make an outbound request to the link you provide and may run the included Python script after WebFetch fails, so avoid using it on private, internal, or sensitive URLs.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 88% confidence
Finding: The skill instructs use of WebFetch and a Python fallback script to retrieve arbitrary user-supplied URLs, which is a real network-capable behavior despite no declared permissions. This creates a mismatch between documented permissions and actual capability, reducing auditability and making it easier for network access to be introduced without explicit review.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal