Wechat Mp Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it can publish to and delete drafts from a WeChat Official Account without strong confirmation safeguards.

Install only if you are comfortable giving this skill authority over a WeChat Official Account. Configure it with dedicated credentials if possible, protect the config and token files, and instruct your agent to save drafts first and ask for explicit approval before publishing or deleting drafts.
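The draft-first, approve-before-acting workflow recommended above, as an added example that is not the skill's own code and not part of the SkillSpector report. It assumes a hypothetical client interface (FakeMpClient with add_draft, draft_title, publish and delete_draft, all constructed for this example) and wraps it in a tool surface whose publish flag defaults to off and whose publish and delete calls only proceed when a human-in-the-loop approver callback, supplied at construction rather than as a tool parameter, agrees to that exact action and media_id.

```python
"""Added example (not the skill's code): a confirmation gate around the two
high-impact operations a WeChat MP publishing skill exposes, publishing a
draft and deleting one. FakeMpClient is a constructed stand-in for the real
API; its method names are assumptions."""
import secrets


class ApprovalRequired(Exception):
    """Raised when a publish or delete is attempted without human approval."""


class FakeMpClient:
    """Constructed stand-in for the WeChat Official Account draft/publish API."""

    def __init__(self):
        self.drafts = {}      # media_id -> title
        self.published = []   # media_ids that went live

    def add_draft(self, title, html):
        media_id = "draft-" + secrets.token_hex(4)
        self.drafts[media_id] = title
        return media_id

    def draft_title(self, media_id):
        return self.drafts[media_id]          # KeyError for an unknown id

    def publish(self, media_id):
        self.published.append(media_id)
        return "publish-" + media_id

    def delete_draft(self, media_id):
        del self.drafts[media_id]


class GuardedPublisher:
    """Tool surface an agent is given instead of the raw client.

    save_draft never needs approval and is the default path. submit defaults
    to publish=False (a dry run), inverting the publish-defaults-to-true
    behaviour the findings describe. Publishing and deleting only proceed if
    `approver` (a callback fixed at construction, outside the agent's reach)
    returns True for this exact action and media_id.
    """

    def __init__(self, client, approver):
        self._client = client
        self._approve = approver
        self.audit = []   # (action, media_id, outcome) for the operator's log

    def save_draft(self, title, html):
        media_id = self._client.add_draft(title, html)
        self.audit.append(("add_draft", media_id, "ok"))
        return media_id

    def _gate(self, action, media_id):
        title = self._client.draft_title(media_id)   # fail early on a bad id
        if not self._approve(action, media_id, title):
            self.audit.append((action, media_id, "denied"))
            raise ApprovalRequired(f"{action} of {media_id!r} ({title!r}) was not approved")
        return title

    def submit(self, media_id, publish=False):
        """Dry run unless publish=True; even then the approver must agree."""
        if not publish:
            title = self._client.draft_title(media_id)
            return {"status": "draft", "media_id": media_id, "title": title}
        title = self._gate("publish", media_id)
        publish_id = self._client.publish(media_id)
        self.audit.append(("publish", media_id, "ok"))
        return {"status": "published", "media_id": media_id, "title": title,
                "publish_id": publish_id}

    def delete_draft(self, media_id):
        """Destructive and possibly irreversible, so gated the same way."""
        self._gate("delete_draft", media_id)
        self._client.delete_draft(media_id)
        self.audit.append(("delete_draft", media_id, "ok"))
        return {"status": "deleted", "media_id": media_id}


def demo():
    """Constructed scenario: the approver green-lights publishing one draft only."""
    client = FakeMpClient()
    approved = set()
    guard = GuardedPublisher(client, lambda action, mid, title: (action, mid) in approved)
    keep = guard.save_draft("Weekly update", "<p>...</p>")
    scratch = guard.save_draft("Scratch", "<p>tmp</p>")
    approved.add(("publish", keep))
    out = {"dry_run": guard.submit(keep)["status"],
           "live_after_dry_run": list(client.published)}
    try:
        guard.delete_draft(scratch)
        out["unapproved_delete"] = "executed"
    except ApprovalRequired:
        out["unapproved_delete"] = "blocked"
    out["approved_publish"] = guard.submit(keep, publish=True)["status"]
    out["live_after_approval"] = list(client.published)
    out["scratch_still_exists"] = scratch in client.drafts
    return out, guard.audit


if __name__ == "__main__":
    print(demo())
```

The approver is the piece that matters: because it is bound when the guard is built and is not a parameter of any tool call, a natural-language task cannot talk the agent into supplying its own "yes". The audit list gives the operator a record of denied attempts as well as executed ones.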

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The document advertises capabilities to publish content and delete drafts, but it does not clearly warn that these actions are externally visible and potentially destructive. In an agent skill context, this omission can cause users or downstream agents to invoke high-impact operations without adequate confirmation or understanding, increasing the risk of accidental publication or data loss.

Missing User Warnings

Severity: Medium
Confidence: 84%
Finding
The README promotes actions such as uploading media and publishing articles to a live WeChat public account, but it does not warn that these operations modify external account state and may become publicly visible. In an agent-skill context, omission of this warning increases the chance of accidental publication or unintended account changes by users who assume the tool is only local or draft-oriented.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding
The README instructs users to place App ID and App Secret in a local config file or environment variables without any guidance on credential sensitivity, file permissions, secret rotation, or avoiding accidental disclosure. Although this is standard configuration practice, the lack of security handling advice can lead to credential leakage through source control, shared shell history, logs, or overly permissive filesystem settings.

Missing User Warnings

Severity: Medium
Confidence: 85%
Finding
The publish tool defaults to immediate publication (`publish` defaulting to true), but the documentation does not prominently warn that using the tool can distribute content to followers right away. In an agent context, weak disclosure of side effects increases the chance of accidental mass publication, especially if the tool is invoked from natural-language tasks without explicit user confirmation.

Missing User Warnings

Severity: Medium
Confidence: 79%
Finding
The draft deletion capability is documented as a normal operation without emphasizing that it is destructive and may be irreversible. In an agent-driven workflow, lack of a warning can lead to accidental deletion of editorial content or loss of work if the wrong `media_id` is supplied.

Missing User Warnings

Severity: Medium
Confidence: 82%
Finding
The configuration section instructs users to store `app_secret` and a token cache file locally but does not include guidance on file permissions, secret handling, or avoiding accidental disclosure. Because these credentials enable authenticated access to a WeChat Official Account, poor storage practices can lead to account compromise or unauthorized publishing if the files are exposed.
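The credential-handling findings above (App ID and App Secret in a config file or environment variables, plus a local token cache) call for the storage checks they say are missing. The following is an added example, not code from the skill or from SkillSpector: it loads credentials from the environment first, otherwise from a config file that must be a regular file owned by the current user with no group or other permission bits, and it creates config and token-cache files as 0600 from the first byte. The environment variable names, the JSON layout and the paths are assumptions, and the mode checks are POSIX-only (on Windows, NTFS ACLs would have to serve the same purpose).

```python
"""Added example (not the skill's code): load the App ID / App Secret the
README puts in a config file or environment variables, and refuse config
and token-cache files that other users can read. Env var names, JSON
layout and paths are assumptions; the mode checks are POSIX."""
import json
import os
import stat
import tempfile


class InsecureCredentialFile(Exception):
    """The file holding app_secret or the cached access token is exposed."""


def check_private_file(path):
    """Require a regular file, owned by us, with no group/other permission bits."""
    st = os.lstat(path)                # lstat: a symlink to a shared file is rejected too
    if not stat.S_ISREG(st.st_mode):
        raise InsecureCredentialFile(f"{path}: not a regular file")
    if hasattr(os, "getuid") and st.st_uid != os.getuid():
        raise InsecureCredentialFile(f"{path}: owned by uid {st.st_uid}, not the current user")
    mode = stat.S_IMODE(st.st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureCredentialFile(
            f"{path}: mode {mode:04o} grants access to other users; use chmod 600")
    return mode


def write_private_file(path, data):
    """Create a config or token-cache file as 0600 from the start (no chmod race)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(data, fh)
    return path


def load_credentials(config_path=None, env=None):
    """Environment variables win; otherwise read the config file after checking it."""
    env = os.environ if env is None else env
    app_id = env.get("WECHAT_APP_ID")          # assumed variable names
    app_secret = env.get("WECHAT_APP_SECRET")
    if app_id and app_secret:
        return {"app_id": app_id, "app_secret": app_secret, "source": "env"}
    if config_path is None:
        raise ValueError("no credentials in the environment and no config file given")
    check_private_file(config_path)
    with open(config_path) as fh:
        cfg = json.load(fh)
    missing = [k for k in ("app_id", "app_secret") if not cfg.get(k)]
    if missing:
        raise ValueError(f"{config_path}: missing {', '.join(missing)}")
    return {"app_id": cfg["app_id"], "app_secret": cfg["app_secret"], "source": config_path}


def redact(cred):
    """What may go into logs or an agent transcript: never the secret itself."""
    return {**cred, "app_secret": "***"}


def demo():
    """Constructed scenario in a temp dir: a 0644 config is refused, a 0600 one accepted."""
    out = {}
    sample = {"app_id": "wx-example", "app_secret": "example-secret"}   # constructed values
    with tempfile.TemporaryDirectory() as d:
        loose = os.path.join(d, "config.json")
        with open(loose, "w") as fh:
            json.dump(sample, fh)
        os.chmod(loose, 0o644)             # the usual default: readable by every local user
        try:
            load_credentials(loose, env={})
            out["loose_file"] = "accepted"
        except InsecureCredentialFile:
            out["loose_file"] = "rejected"
        tight = write_private_file(os.path.join(d, "config-private.json"), sample)
        out["tight_mode"] = check_private_file(tight)
        out["tight_source"] = load_credentials(tight, env={})["source"] == tight
        out["env_source"] = load_credentials(
            None, env={"WECHAT_APP_ID": "wx-example", "WECHAT_APP_SECRET": "example-secret"}
        )["source"]
        out["logged_secret"] = redact(load_credentials(tight, env={}))["app_secret"]
    return out


if __name__ == "__main__":
    print(demo())
```

The same check_private_file call belongs in front of the token cache every time it is read, since a cached access token grants the same authority over the account as the secret that minted it.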

Missing User Warnings

Severity: Medium
Confidence: 91%
Finding
The spec includes destructive draft deletion and immediate publication capabilities without requiring confirmation prompts, warnings, or clear guardrails around irreversible actions. In a publishing skill, this can lead to accidental content deletion or unintended mass publication to subscribers, causing reputational and operational harm.

VirusTotal

64/64 vendors flagged this skill as clean.
