ClawHub

WeChat Articles Reader

Security checks across malware telemetry and agentic risk

Overview

This WeChat article reader is mostly transparent, but it forces screenshot sharing and includes broad browser automation behavior that users should review before installing.

Install only if you are comfortable with a skill that uses browser anti-bot evasion and automatically posts full article screenshots. Prefer restricting it to mp.weixin.qq.com URLs and changing screenshot sending to opt-in before using it in channels that may contain private, paid, or sensitive content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

Medium
Confidence
88% confidence
Finding
The description says screenshot capture is optional, but this section escalates it into a mandatory send-to-channel action for every article request. That broadens the skill's behavior from article reading to automatic redistribution of article imagery, which can expose sensitive or copyrighted content and violates least-privilege and user-intent alignment.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script explicitly bypasses anti-bot controls by spoofing a mobile browser, masking navigator.webdriver, and disabling automation indicators. This is dangerous because it enables automated access to content behind bot-detection controls and normalizes evasion techniques that can be repurposed for scraping or policy circumvention beyond the stated article-reading use case.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The workflow explicitly directs the agent to send a screenshot of the full article to the channel without any privacy, sensitivity, or consent check. Screenshots can contain personal data, subscriber-only material visible to the browser session, or other content the user did not ask to redistribute, making this a data-sharing risk amplified by automation.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal