Windows WeChat MCP

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it lets an agent screenshot WeChat and send messages from the user's live desktop session without built-in confirmation or recipient checks.

Install only if you are comfortable letting an agent control your open WeChat window. Require manual approval before every screenshot or message send, verify the active chat and message content yourself, and avoid using it around private conversations or sensitive contacts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium (89% confidence)
Finding:
The skill explicitly supports GUI-driven message sending and window activation but does not warn about the risk of targeting the wrong chat, focusing the wrong window, or sending unintended content. In a desktop automation context, these are realistic failure modes that can cause unauthorized disclosure or accidental actions because the tool acts on the live user interface rather than a strongly bound recipient identity.

Missing User Warnings

Medium (94% confidence)
Finding:
The code can capture the contents of a WeChat window and optionally save the image to disk without any consent, notice, or access control. Because chat windows commonly contain private messages, contacts, and other sensitive information, silent screenshot collection creates a real privacy and surveillance risk, especially in an agent or MCP context where the action may be remotely triggered.

Missing User Warnings

Medium (97% confidence)
Finding:
This code automates message delivery to the currently focused or selected WeChat chat without any user verification, preview, or approval step. In an automation setting, that can be abused to impersonate the user, send spam or phishing content, or trigger unintended communication to the wrong recipient if window focus or search results are manipulated.

Missing User Warnings

Low (83% confidence)
Finding:
The code overwrites the system clipboard with contact names and message text, which can leak sensitive data to other applications, clipboard history, remote desktop sync, or later user paste actions. While lower severity than direct exfiltration, it is still a privacy and integrity issue because it silently alters shared system state.

VirusTotal

66/66 vendors flagged this skill as clean.