Wechat Articles

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeChat public-account article search and reader, with normal web-fetching and dependency risks but no evidence of hidden, destructive, or credential-stealing behavior.

Install only if you want an agent to search and fetch public WeChat article content. Avoid sensitive search terms, use mp.weixin.qq.com article URLs, and review the unpinned Python dependencies and Chromium install before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Severity: Medium
Category: MCP Least Privilege
Confidence: 86%
Finding: The skill explicitly installs and uses network-capable libraries (`requests`, `playwright`) to search and fetch remote WeChat content, but no corresponding permissions are declared. This creates a governance gap: reviewers and orchestrators may not realize the skill performs outbound network access, reducing transparency and weakening policy enforcement around data egress and remote content retrieval.

Vague Triggers

Severity: High
Confidence: 93%
Finding: The activation rules are extremely broad, including language that the skill 'must' be used even when the user does not explicitly mention WeChat, as long as the request loosely involves obtaining information from the WeChat ecosystem. Overbroad routing can cause the agent to invoke this networked skill for unrelated or weakly related requests, unnecessarily sending queries/URLs to external services and expanding the attack surface for prompt/skill hijacking and unintended data access.

Vague Triggers

Severity: Medium
Confidence: 89%
Finding: The trigger list contains ambiguous phrases such as '公众号内容', '微信链接', and 'wechat article' without boundary conditions, which can match benign or unrelated requests. In a skill that performs live network retrieval, ambiguous triggers increase the chance of accidental invocation, causing unnecessary external requests, privacy leakage of user intent, and tool misuse in contexts where a safer/local response would suffice.

Vague Triggers

Severity: Medium
Confidence: 92%
Finding: The trigger phrases around lines 10–12 are broad enough that normal user requests about WeChat or searching content could invoke this skill even when the user did not specifically request public-account article retrieval. Overbroad routing can cause unintended tool activation, unnecessary external fetching, and disclosure of user queries to a third-party content source, which is a real security and privacy concern in agent ecosystems.

VirusTotal

66/66 vendors flagged this skill as clean.