Security audit

Liuzln Openclaw Skills Wechat Article Fetcher

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it says, but it includes an overbroad helper that can run a user-chosen local Python script in addition to archiving WeChat articles.

Install only if you intend to create local archives of WeChat articles. Choose the output directory deliberately, use --no-images or --no-screenshot when you do not need those files, avoid sensitive or copyrighted content unless you are authorized to store it, and do not use the --script option unless both the script path and virtual environment are fully trusted.

SkillSpector

By NVIDIA

Vulnerability Patterns

Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (5)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 89% confidence
Finding: The skill advertises and documents capabilities to read/write local files, access the network, and invoke shell commands, but it does not declare permissions or boundaries for those actions. That creates a transparency and governance gap: users and host systems cannot easily assess or constrain what the skill may do, increasing the risk of unexpected data exfiltration, local data modification, or unsafe command execution if the associated scripts are run.

Context-Inappropriate Capability

Medium

Confidence: 95% confidence
Finding: The wrapper accepts a user-controlled --script path and executes it with the chosen virtual-environment Python, which expands the skill from a WeChat article fetcher into a generic code launcher. In an agent or automation context, this can be abused to run arbitrary local Python code under the agent's privileges, potentially accessing files, network resources, or secrets unrelated to the stated skill purpose.

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The quickstart encourages fetching and archiving WeChat articles but does not clearly warn users that full article content, screenshots, and downloaded images are persisted to local disk. In a tool explicitly designed for archiving third-party content, this omission can cause unintended retention of sensitive or copyrighted material, especially on shared systems or when users assume the action is transient.

Missing User Warnings

Medium

Confidence: 94% confidence
Finding: The description emphasizes fetching and analyzing articles but does not clearly warn, up front, that full article content, images, screenshots, and metadata are persisted to local disk. This can lead users to invoke the skill without realizing it creates lasting local copies of potentially sensitive or copyrighted material, causing privacy, compliance, or data-retention issues.

Missing User Warnings

Medium

Confidence: 91% confidence
Finding: The skill explicitly downloads and locally stores full article content, images, screenshots, and JSON exports, but it does not warn users about privacy, copyright, retention, or safe handling of collected data. This can lead to unintentional collection and persistence of sensitive or regulated content on disk, especially when used for batch scraping or monitoring workflows.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal