Weiwuming Formatter

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent WeChat formatter, but it needs review because it can automatically search the web and upload document-related images to a public third-party image host without a clear consent step.

Install only if you want this specific Weiwuming publishing workflow and are comfortable with web searches plus third-party public image hosting. Use it on material intended for publication, avoid private or licensed images unless you explicitly approve public rehosting, review generated editor notes/footer/recommendations before publishing, and delete the local images/ folder when done.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium (85% confidence)
Finding
The invocation description includes broad triggers like pasted article text, formatting requests, and generic article conversion phrases, which can cause the skill to activate for ordinary writing tasks outside a narrowly intended scope. Over-broad activation is dangerous because it may unexpectedly route user content into a workflow that performs external searches and public image uploads the user did not explicitly request.

Missing User Warnings

High (97% confidence)
Finding
The skill instructs automatic upload of images to a public image host but does not require a clear user-facing warning or consent step before publication. This creates a substantial privacy and data-handling risk because images derived from user documents may contain copyrighted, sensitive, or identifying information and become publicly accessible.

Ssd 3

Medium (96% confidence)
Finding
The workflow republishes content derived from the user's source material to an external public host and inserts the resulting URLs into output. Even if intended for formatting convenience, this is dangerous because it exports user-associated content beyond the local task boundary, potentially exposing private, confidential, or licensed material to third parties.

Ssd 3

Medium (93% confidence)
Finding
The keyword and extended-reading workflow mandates external search and image-hosting based on entities extracted from article content, expanding data disclosure beyond the original formatting task. This is risky because article topics, names, and associated assets may reveal sensitive interests or unpublished material, and the skill sends those signals to third-party services without a clear minimization boundary.

Ssd 3

Medium (95% confidence)
Finding
The workflow explicitly requires downloading source-contained images, reuploading them to a public host, and reporting the hosted URLs, which operationalizes exfiltration of user-provided content. This is especially dangerous for documents containing private photos, internal graphics, or copyrighted material because the process creates new public copies and increases exposure and compliance risk.

VirusTotal

65/65 vendors flagged this skill as clean.
