Wechat Sender

Security checks across malware telemetry and agentic risk

Overview

This skill is a WeChat automation helper, but it can view private chat screens and send messages from the user’s logged-in account while also advising ways to bypass screen-capture protections.

Install only if you are comfortable with an agent seeing your WeChat window and acting through your logged-in account. Before use, require manual confirmation of the exact recipient and message, avoid using it when private or enterprise chats are visible, do not use the bypass guidance for capture-protected apps, and stop the screenshot service when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Context-Inappropriate Capability

Medium
Confidence: 96%
Finding
The skill explicitly advises that focusing and resizing the WeChat window can bypass anti-screen-capture protections. That is dangerous because it normalizes circumvention of application privacy controls and enables capture of chat contents unrelated to the narrow task of sending a message. In this context, the bypass guidance is not necessary for simple message composition and materially increases the chance of unauthorized disclosure of sensitive conversations.

Vague Triggers

Medium
Confidence: 89%
Finding
The trigger phrases are broad enough to activate on ordinary conversation about WeChat, which can cause the skill to launch in unintended contexts. Because this skill performs sensitive actions like reading screen state and sending messages, accidental invocation raises the risk of privacy violations and unintended outbound communication.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill automates screen capture, visual analysis, contact selection, and message sending without a clear warning or consent flow about privacy exposure and the consequences of sending messages on the user's behalf. This is especially risky in a messaging context because screenshots may expose unrelated chats and a mistaken send can disclose sensitive information to the wrong person.

Ssd 3

High
Confidence: 98%
Finding
These instructions tell the operator to focus the WeChat window because some apps have anti-recording restrictions, directly framing the workflow around defeating those safeguards so screenshots can be captured and analyzed. That creates a clear path to extract chat content and contact information from a protected interface, which is beyond the minimum needed for message sending.

Ssd 3

High
Confidence: 99%
Finding
The note explicitly states that focusing and resizing can bypass WeChat or Enterprise WeChat anti-screen-capture limits. This is a direct instruction to circumvent a privacy/security control, enabling covert viewing and analysis of protected chat content and making the skill substantially more dangerous than a normal automation helper.

VirusTotal

63/63 vendors flagged this skill as clean.
