Back to skill

Security audit

mmxagent-skill-wecom

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent WeCom connection setup flow, but it stores a WeCom bot secret locally and restarts OpenClaw after authorization.

Install only if you intend to connect OpenClaw to WeCom. Before authorizing, be aware that success will store the WeCom bot secret in ~/.openclaw/openclaw.json, enable the WeCom channel, and restart the OpenClaw gateway. Keep that config file private and rotate the WeCom bot secret if it is exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill’s stated purpose is obtaining WeCom authorization, but it also instructs the agent to persist retrieved credentials into a local OpenClaw configuration file and enable the channel. This extends the skill from a user-facing auth flow into local system modification, which is security-relevant because it changes runtime behavior and stores secrets without clearly scoped authorization or confirmation for the write operation.

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
Restarting `openclaw gateway` is an operational action beyond merely generating or checking an authorization link, and it can disrupt service or apply unintended configuration changes immediately. In an agent setting, bundling a restart into a connection workflow increases risk because the user may not realize the skill has authority to alter running system state.

Vague Triggers

Medium
Confidence
87% confidence
Finding
Using broad confirmation phrases such as 'done' or 'ok' as the trigger to advance into polling and follow-on actions makes the workflow easy to activate accidentally during ordinary conversation. Because the next phase can retrieve credentials and proceed to local configuration changes, weak gating increases the chance of unintended execution.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill tells the agent to write `botId` and `secret` into a local config file and restart the gateway, but it does not explicitly warn the user that sensitive credentials will be stored locally and a service will be restarted. This lack of transparency is dangerous because users may believe they are only completing an authorization flow, not consenting to persistent secret storage and operational changes.

VirusTotal

50/50 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.