Back to skill

Security audit

workbuddy微信clawbot消息推送

Security checks across malware telemetry and agentic risk

Overview

This skill is a real WeChat/WorkBuddy sending tool, but it uses local bot credentials to send messages and media outward with broad activation wording and weak user-control boundaries.

Install only if you intentionally want Codex/WorkBuddy to send WeChat messages to the configured recipient using your local ClawBot credentials. Before use, review the configured recipient in settings.json, require explicit confirmation before every send, and avoid disabling sandbox protections except for a narrow, trusted run.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill explicitly instructs the runner to make outbound network requests to Tencent/WeChat endpoints and even suggests disabling sandbox protections, yet no declared permissions are provided. In a security-sensitive agent environment, undeclared network capability weakens policy enforcement and can enable unauthorized data transmission using locally stored credentials.

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger phrases are broad enough to match ordinary requests like 'send WeChat to the boss' without clear authorization, identity, or scope checks. In this skill's context, that can cause the agent to invoke a credential-bearing messaging workflow and send outbound messages or media to a privileged recipient unintentionally.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The '何时用' examples reinforce ambiguous invocation patterns for common messaging intents, increasing the chance that the skill activates during routine chat requests. Because this skill reads local credentials and performs real outbound delivery to WeChat, accidental invocation has meaningful security and privacy consequences.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal

Static analysis

No suspicious patterns detected.