Security audit

WeChat Article Digest

Security checks across malware telemetry and agentic risk

Overview

The skill is a WeChat article summarizer that openly fetches article pages and stores local article notes for daily digests.

Install this if you are comfortable with the agent fetching WeChat article pages and keeping local memory files of article links and summaries. Avoid using it for sensitive reading material unless local retention is acceptable, and periodically review or delete the memory/YYYY-MM-DD.md files if you do not want that history retained.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 82% confidence
Finding: The skill persistently writes article metadata, summaries, and links into local memory files without clearly informing the user at the point of collection or obtaining consent. This creates a privacy and data-retention risk, especially because forwarded links and reading habits can reveal sensitive interests, affiliations, or work topics over time.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal