read wechat article

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: fetch and parse user-provided WeChat article links, with security hardening gaps but no evidence of hidden access, persistence, credential theft, or destructive behavior.

Install this only if you want an agent to fetch WeChat articles from URLs you provide. Prefer a version that enables normal HTTPS certificate verification and pins reviewed dependency versions, and treat returned article text as untrusted source material.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
99% confidence
Finding
The code disables TLS certificate verification for outbound HTTPS requests with `verify=False`, which makes the connection vulnerable to man-in-the-middle interception and tampering. In a content-fetching skill, this means an attacker on the network path could supply forged article HTML, alter extracted content, or harvest requested URLs without the client detecting certificate issues.

Missing User Warnings

High
Confidence
100% confidence
Finding
Disabling certificate verification without any user-facing warning silently weakens transport security and privacy guarantees. Because this skill fetches remote content from a public URL and then parses it as trusted input, a MITM attacker could inject arbitrary HTML content, influencing downstream output and any consumer that relies on the scraped result.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
markdownify>=0.11.6
Confidence
94% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
markdownify>=0.11.6
Confidence
94% confidence
Finding
beautifulsoup4>=4.12.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
markdownify>=0.11.6
Confidence
94% confidence
Finding
markdownify>=0.11.6

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
98% confidence
Finding
requests

Known Vulnerable Dependency: markdownify — 1 advisory(ies): CVE-2025-46656 (markdownify allows large headline prefixes such as <h9999999>, which causes memo)

Low
Category
Supply Chain
Confidence
83% confidence
Finding
markdownify

VirusTotal

66/66 vendors flagged this skill as clean.
