
Security audit

wx-mp-push

Security checks across malware telemetry and agentic risk

Overview

This is a real WeChat publishing helper, but it needs Review because it uses account credentials and automatically fetches remote image URLs before uploading content to WeChat.

Review before installing. Use it only for a WeChat Official Account you intend to automate, keep config.json and .tokens private, avoid untrusted article HTML/Markdown or remote image URLs, and confirm the account, content file, cover image, and draft action before running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The code automatically fetches any http/https URL found in img src attributes and downloads it server-side before re-uploading to WeChat. This creates an SSRF-style primitive and an unintended outbound request capability that can be abused to probe internal or sensitive network resources if article content is attacker-controlled.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger guidance is broad enough that ordinary user requests about publishing, drafting, or formatting content could activate a skill that reads local files and transmits content and credentials-related data to external APIs. Over-broad activation increases the chance of unintended execution and accidental publication or upload.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The common-request examples closely resemble normal conversational language and lack scope restrictions, approval requirements, or disambiguation. In context, this is riskier because the skill can publish drafts, upload images, and send content to a third-party platform, making accidental triggering materially impactful.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill silently downloads external images embedded in content and then uploads them to WeChat, causing outbound transfer of third-party resources without an explicit warning or consent step. In practice this can leak access patterns, contact attacker-controlled hosts, and move unreviewed content across trust boundaries.

VirusTotal

66/66 vendors flagged this skill as clean.


Static analysis

No suspicious patterns detected.