Back to skill

Security audit

微信公众号发布工具

Security checks across malware telemetry and agentic risk

Overview

This looks like a real WeChat publishing helper, but it can post publicly, delete drafts, upload local files, and store account credentials without enough safety guardrails.

Install only if you control the WeChat Official Account and are comfortable granting publish, upload, draft deletion, and token access. Review the actual implementation code before running any npm install/build steps, store credentials outside source control with restrictive permissions, upload only intended media files, and use draft mode plus explicit human approval before live publishing or deleting drafts.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue AgentSelf-Modification, Session Persistence
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill advertises publishing capabilities but does not clearly warn that use of the publish tool can immediately distribute content to followers, creating a real risk of accidental public posting. In an agent setting, this missing warning weakens informed consent and increases the chance that a user or downstream agent triggers a high-impact external action unintentionally.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The upload tool accepts an arbitrary local `file_path` and states that media is uploaded to WeChat servers, but it does not warn users that local files leave the host and are transmitted to a third party. In an agent environment, this omission can lead to unintended exfiltration of sensitive local files if a user or prompt supplies the wrong path.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The configuration section instructs users to place `app_secret` in a config file or environment variable without any credential-handling guidance. This is dangerous because secrets may be stored insecurely, committed to repositories, exposed in logs, or left readable to other local users, enabling unauthorized access to the WeChat account.

Session Persistence

Medium
Category
Rogue Agent
Content
## Configuration

Create a configuration file at `~/.openclaw/config/wechat-mp.json`:

```json
{
Confidence
83% confidence
Finding
Create a configuration file at `~/.openclaw/config/wechat-mp.json`: ```json { "app_id": "your-wechat-app-id", "app_secret": "your-wechat-app-secret", "default_author": "默认作者名", "access_token_

VirusTotal

59/59 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.