WeChat Official Account Auto-Publishing (Enhanced Edition)

Security checks across malware telemetry and agentic risk

Overview

This appears to be a real WeChat draft-publishing helper, but it requires powerful account credentials, and the package provides weak safety controls and inconsistent setup instructions.

Review before installing. Use only a WeChat account and files you intend the agent to access, treat APPSECRET like a password, do not put it in committed files, prompts, logs, screenshots, or shell history, and manually inspect the created WeChat draft before publishing publicly. Expect to fix the package paths/options before relying on dry-run, environment-variable loading, digest, beautify, or custom author behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 84%
Finding
The README instructs users to store sensitive WeChat credentials in a local .env file but provides no guidance about protecting that file, excluding it from version control, or using a secure secret store. In an agent-skill context, this increases the chance that APPID/APPSECRET are accidentally committed, exposed in workspace snapshots, or read by other tooling with filesystem access.

Missing User Warnings

Medium
Confidence: 92%
Finding
The skill instructs users to handle APPSECRET credentials and upload articles and images to WeChat, but it does not provide any warning about secret handling, storage, logging, or third-party data transmission. This increases the risk of users placing credentials in source files, shell history, or insecure environments, and of unintentionally sending sensitive content to external servers.

VirusTotal

66/66 vendors flagged this skill as clean.
