Wechat File Helper

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent, but it can automatically send live WeChat login QR screenshots and WeChat messages without strong recipient checks or confirmation.

Install only if you are comfortable with this skill controlling a WeChat File Helper browser session and sending login QR screenshots through configured messaging channels. Use a trusted, explicit recipient, avoid cron unless the behavior is tightly controlled, and consider editing the scripts to require confirmation, block empty or unexpected recipients, and delete /tmp/wechat-qr.png after use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Context-Inappropriate Capability

Medium
Confidence: 95%
Finding
The script sends a captured WeChat QR image to an arbitrary phone number supplied as an argument, creating an outbound data exfiltration path. Because the QR image is authentication-related and the destination is not validated or confirmed by the user, this can leak sensitive login material or session access information.

Intent-Code Divergence

Low
Confidence: 88%
Finding
The comment claims the code is only checking whether the page is open, but the logic actually infers login state and triggers follow-on actions including automated messaging. This mismatch can mislead reviewers and operators, reducing the chance that risky behavior is noticed and increasing the likelihood of unintended account actions.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill captures a live WeChat login QR code and transmits it through external messaging channels, which can expose a valid authentication artifact to unintended recipients, service providers, or compromised accounts. Because scanning the QR can grant session access, forwarding it outside the browser context materially increases account takeover risk and leaks sensitive login state.

Missing User Warnings

Medium
Confidence: 93%
Finding
Automatic selection of the 'first available' channel for QR delivery can send a sensitive login QR to the wrong platform, chat, or recipient without adequate warning or validation. Since the QR is effectively a login token, misdelivery could allow unauthorized parties or external services to capture and use it before the intended user does.

Missing User Warnings

Medium
Confidence: 97%
Finding
The script captures a WeChat login QR screenshot and transmits it to a phone number without an explicit warning or consent flow. Authentication QR codes are sensitive and may enable account access or social-engineering abuse if delivered to the wrong recipient or intercepted.

Missing User Warnings

Low
Confidence: 91%
Finding
When the page appears logged in, the script automatically types and sends a message from the user's WeChat File Helper session without a clear prior disclosure or approval step. Any capability that sends messages from an authenticated account can be abused for spam, social engineering, or covert signaling.

VirusTotal

66/66 vendors flagged this skill as clean.
