WeChat Official Account Article Auto-Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed browser-automation guide for publishing WeChat Official Account articles, with real account risk but no hidden code or deceptive behavior found.

Install only if you intentionally want an agent to operate a live WeChat Official Account through browser automation. Review the article, target account, mass-notification setting, and schedule before scanning any publishing confirmation QR code.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The trigger phrases are broad enough to match ordinary user requests about publishing, which can cause the skill to activate in situations where the user did not clearly intend browser-driven automation on a live WeChat Official Account. In this context, mistaken activation is risky because the skill operates against a real publishing backend and can proceed toward account actions with reputational and operational consequences.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The workflow performs the final publish sequence, including confirmation clicks, without requiring an explicit just-in-time user confirmation immediately before the irreversible action. This is dangerous because publication to an official account can trigger mass distribution, consume limited notification quotas, and create public-facing content changes that are difficult or impossible to fully undo.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal