Security audit

wx-mp-write

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeChat public-account writing helper that can use search and create WeChat drafts, with no executable installer or hidden behavior found.

Install this if you intend to use Tavily search and a WeChat publishing helper for WeChat public-account (公众号) article workflows. Review the full article, title, author, summary, image sources, and destination account before creating any draft, and keep TAVILY_API_KEY in a secure environment variable rather than in prompts, shared files, or screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The skill description is broad enough to match common writing, editing, image-search, and publishing requests, which increases the chance of unintended invocation. Because the skill can progress from content generation to external publication, accidental triggering could lead to unwanted tool use or publication-related actions in workflows where the user did not explicitly request this skill.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
The skill describes publishing to a WeChat draft box but does not require an explicit confirmation step immediately before the external write action. External publishing actions are security-sensitive because they can modify third-party accounts or create user-visible content, so missing confirmation raises the risk of unintended account actions and reputational harm.

Missing User Warnings

Severity: Low
Confidence: 84%
Finding:
The documentation instructs users to configure TAVILY_API_KEY but does not note that it is a secret requiring secure storage and non-disclosure. While this does not directly leak the key, normalizing casual handling of credentials increases the chance of accidental exposure through logs, prompts, screenshots, or checked-in env files.

Vague Triggers

Severity: Medium
Confidence: 87%
Finding:
The skill description is broad enough to overlap with many ordinary writing, editing, and publishing requests, which increases the chance of unintended activation. In a skill that can transform content and potentially publish it onward, mis-triggering can cause unwanted processing or preparation for external dissemination without the user clearly intending to use this specific workflow.

Missing User Warnings

Severity: Medium
Confidence: 93%
Finding:
The skill explicitly supports sending generated Markdown to an external publishing tool but does not require a clear user-facing warning or confirmation that content will leave the current context and be transmitted to a WeChat-related destination. This is risky because users may assume they are only drafting locally, while the skill may facilitate external transfer of sensitive, unpublished, or confidential material.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.