Back to skill

Security audit

Weixinclaw Proactive Push

Security checks across malware telemetry and agentic risk

Overview

This skill openly targets WeChat push automation, but it uses local WorkBuddy credentials to send messages and files externally with broad triggers and no clear confirmation step.

Install only if you intend this agent to send WeChat messages and attachments to the configured boss recipient using your local WorkBuddy credentials. Before use, verify the missing send.js provenance, keep settings and cursor files private, avoid sandbox bypass unless you understand the network access, and require explicit confirmation before any send.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
94% confidence
Finding
The top-level description includes multiple broad natural-language triggers such as '给老板发微信' and '发图片给老板' without strong exclusions or confirmation requirements. In this skill’s context, invocation leads to outbound messaging to a real recipient using locally stored credentials, so an overly broad match can cause unintended message sending or data exfiltration through the boss’s WeChat channel.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The '何时用' section enumerates ambiguous examples that overlap with ordinary messaging intents, but this skill performs a privileged action: proactively sending messages/files over an authenticated bot channel. Because the action is externally visible and can carry attachments, ambiguous routing increases the risk of accidental invocation, unintended disclosure, or sending sensitive files to the wrong channel/recipient.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.