WeChat Work Doc Fetcher

Security checks across malware telemetry and agentic risk

Overview

This skill coherently fetches WeChat Work documentation into Markdown, but users should handle optional session cookies as sensitive secrets.

Install in an isolated Python environment if possible. Use this only for WeChat Work docs you are authorized to access, and treat any copied cookies like passwords: do not commit them, share them, paste them into screenshots, or leave them in shell history.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The script explicitly instructs the user to copy browser authentication cookies from DevTools and then sends them in requests to the remote service. Embedding cookie handling in the tool increases the chance of credential leakage through source sharing, shell history, screenshots, logs, or accidental reuse, especially because the fallback path relies on authenticated access and there is no strong warning about treating the cookie as a secret.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal