Security audit
SKILL接入微信支付,收款码生成
Security checks across malware telemetry and agentic risk
Overview
This is a documentation-only WeChat Pay integration skill whose sensitive payment and credential topics are disclosed and aligned with its stated purpose.
Before installing, confirm that WeChat Pay credentials are stored outside chat in a protected secrets manager or equivalent, and that refunds, bill downloads, and red-packet or marketing payout actions require explicit authorization and audit logging. VirusTotal was still pending, but static scan and SkillSpector were clean, and the artifact itself is coherent and instruction-only.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.