Wechat Mp Publisher 1.0.0

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to publish to WeChat, but it handles real account credentials and live publishing with weak safeguards and unsafe examples.

Review carefully before installing with a real WeChat account. Use a test account first, replace all example credentials with your own local secrets, do not share .env files or token command output, and require human review before any agent runs the publish command on production content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Intent-Code Divergence

Medium
Confidence: 98%
Finding
The document explicitly warns users not to share secrets, yet includes what appears to be a concrete AppSecret value in the sample .env block. Even if intended as an example, publishing credential-like secrets in a skill/tutorial can lead to real secret exposure and accidental reuse, and it normalizes unsafe handling of sensitive tokens.

Missing User Warnings

Medium
Confidence: 86%
Finding
The skill explicitly documents publishing content to a public WeChat official account, but it does not warn that publication is externally visible, may reach a real audience, and can be difficult or impossible to fully retract once sent. In agent or automation contexts, missing this warning increases the risk of accidental public posting, reputational harm, and unintended disclosure of sensitive or draft content.

Missing User Warnings

Medium
Confidence: 98%
Finding
The CLI exposes the WeChat access token directly to stdout, which can leak credentials into shell history, CI/CD logs, terminal recordings, or shared consoles. A valid access token can be reused to perform authenticated API actions against the associated WeChat account until it expires.

Ssd 3

High
Confidence: 99%
Finding
The article shows a credential-like WECHAT_APPSECRET value in a copy-pastable .env example. In a skill context, this is more dangerous because users are encouraged to create local secret files and may unknowingly reuse or trust exposed values, while any real exposed secret could be abused to obtain access tokens and interact with the WeChat publishing API.

VirusTotal

65/65 vendors flagged this skill as clean.
