Security audit

Wechat Articles

Security checks across malware telemetry and agentic risk

Overview

This appears to be a WeChat public-account article search/fetch skill whose network behavior is aligned with its purpose, though its activation wording is broader than ideal.

Install only if you want the agent to search and fetch public WeChat article content. Be aware that your search terms or supplied article URLs may be sent to external search/fetch services, and ambiguous WeChat-related requests may invoke the skill unless the triggers are narrowed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 90%
Finding:
The skill clearly performs external network access to search for and fetch WeChat articles, but no explicit permissions are declared. That creates a transparency and policy-enforcement gap: a host system or reviewer may underestimate the skill's ability to contact remote services, fetch arbitrary URLs, or exfiltrate queried data via networked dependencies.

Vague Triggers

Severity: High
Confidence: 93%
Finding:
The trigger logic is overly broad and uses mandatory language such as '必须使用此 skill' ("must use this skill") even when the user did not explicitly request WeChat access. This can cause the agent to route unrelated or ambiguous requests into a network-enabled scraping skill, increasing the chance of unintended data disclosure, over-collection from external sources, and unsafe tool invocation based on weak keyword matches.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger phrases "微信搜索" ("WeChat search") and "公众号搜索" ("public account search") are broad enough to activate this skill for generic WeChat-related search requests rather than specifically public-account article retrieval. That can cause unintended tool invocation, leading the agent to fetch or process external content outside the user's intended scope and reducing routing precision in a way that may expose users to incorrect or unnecessary data access.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.