wjx-cli-use

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Wenjuanxing CLI helper, but it gives an agent broad account and data-changing power without enough safety prompts.

Install only if you are comfortable letting an agent operate your Wenjuanxing account. Use the least-privileged API key available, avoid pasting secrets into chat when possible, avoid sudo/global or pipe-to-shell installs unless you have reviewed the source, and require explicit confirmation before exports, response submission/import, score changes, SSO link generation, contact/admin/account changes, response clearing, or survey deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Medium (84% confidence)
The trigger list is very broad, including common words like '调查', '表单', 'survey', and 'questionnaire', which can cause the skill to activate in contexts where the user did not request CLI execution or account-linked operations. Overbroad invocation increases the chance of unintended command execution, credential prompts, or environment changes in unrelated conversations.

Missing User Warnings

Medium (90% confidence)
The skill instructs users to obtain and send an API key, then directs the agent to configure it, but it provides no clear warning that the API key is sensitive or guidance on minimizing exposure. This is dangerous because it normalizes sharing long-lived credentials in chat and may lead to credential leakage through logs, transcripts, or unintended reuse.

Missing User Warnings

Medium (82% confidence)
The webhook decoding section instructs users to handle encrypted callback payloads, AppKeys, signatures, and raw request bodies, and exposes fields like IP and submission data, without any warning that these inputs may contain secrets or personal data. In a CLI/documentation context, this can lead users to paste sensitive production webhook data into shells, logs, histories, screenshots, or shared terminals, increasing the risk of credential and respondent-data disclosure.

Missing User Warnings

Medium (93% confidence)
The document teaches users how to generate passwordless SSO login URLs for subaccounts, user-system participants, and partners, but does not prominently warn that these links confer direct authenticated access and must be treated like secrets. In a CLI skill meant to guide operational use, omission of handling guidance increases the chance that operators paste links into chats, logs, tickets, or browser history, enabling account takeover or unauthorized access if exposed.

Missing User Warnings

Medium (96% confidence)
The document instructs users to pipe a remotely fetched script from GitHub directly into bash, which executes unreviewed network content immediately on the local machine. If the remote content, repository, transport path, or upstream account is compromised, users could run arbitrary code without an opportunity to inspect it first.

Missing User Warnings

High (97% confidence)
The Linux instructions pipe a remote setup script directly into sudo bash, combining unaudited network content with root privileges. This significantly increases blast radius because any malicious or tampered script would execute with administrative access and could fully compromise the host.

Missing User Warnings

Medium (88% confidence)
The documentation enables querying, reporting on, and downloading survey responses, which commonly contain personal, sensitive, or confidential data, but it provides no guidance on authorization checks, data minimization, or safe handling. In an agent skill context, this omission increases the chance an automated agent will retrieve or export respondent data too broadly or for an unauthorized user request.

Missing User Warnings

Medium (94% confidence)
The submit command explicitly supports agent-driven submission, proxy filling, and data import, which can alter survey records and potentially impersonate legitimate respondents or poison downstream analytics. Because the skill encourages an AI agent to follow this workflow without guardrails around authorization, provenance, or auditability, it materially increases the risk of fraudulent or unauthorized data modification.

Missing User Warnings

Medium (97% confidence)
The clear command irreversibly deletes survey response data, yet the documentation lacks prominent warnings about destructive impact, authorization verification, backups, or confirmation steps. In an agent setting, presenting a one-step deletion command without safety controls creates a significant risk of accidental or malicious mass data loss.

VirusTotal

65/65 vendors flagged this skill as clean.
