WeChat Official Account Article Fetching

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to fetch WeChat articles, but its script can fetch any HTTP or HTTPS URL, which is broader than the stated WeChat-only purpose.

Install only if you are comfortable with this skill making outbound web requests. Prefer an updated version that enforces an allowlist for mp.weixin.qq.com, checks the final redirected host, and rejects localhost, private IPs, and non-WeChat domains before fetching.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 93%
Finding: The skill documentation describes and invokes a Python script that performs outbound network access to arbitrary WeChat article URLs, but the skill declares no corresponding permissions. Undeclared network capability is dangerous because it hides the skill's true execution scope from reviewers and policy enforcement, which can enable unexpected external communication, data exfiltration, or fetching untrusted remote content.

Description-Behavior Mismatch

Medium
Confidence: 95%
Finding: The validator accepts any http/https URL and does not restrict the target to mp.weixin.qq.com, even though the skill is presented as a WeChat-specific fetcher. In an agent setting, this broadens the trust boundary and can enable unintended outbound requests, including internal or attacker-controlled hosts, creating SSRF-style risk and policy bypass if users or upstream prompts assume the tool is domain-limited.

VirusTotal

67/67 vendors flagged this skill as clean.
