wechat-article-reader

Security checks across malware telemetry and agentic risk

Overview

This skill appears to fetch and summarize user-provided WeChat article links, with disclosed network behavior that fits its purpose, but users should understand it contacts external sites and relies on unpinned dependencies.

Install only if you are comfortable with the skill making outbound requests to fetch article URLs you provide. Avoid submitting private or access-controlled links, and prefer a version that narrows triggers, documents network/privacy behavior clearly, and pins dependencies to reviewed versions.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (10)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation indicates outbound network access via requests to fetch WeChat article content, but no corresponding permissions are declared. This creates a security and governance gap: users or the platform may not be aware the skill performs external requests, which can lead to unexpected data exposure, SSRF-like abuse if URL validation is weak, or policy bypass around network-capable skills.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The README explicitly describes making outbound requests to user-supplied WeChat article URLs and using anti-crawling techniques such as User-Agent rotation, but it does not warn users that submitted links and related request metadata will be transmitted to third-party servers. This creates a real privacy and transparency issue: users may unknowingly cause external network access, disclose browsing targets, or trigger requests to content they did not intend to fetch through the skill.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The keyword trigger list is broad and generic enough to activate on common Chinese words like '读取', '总结', and '摘要', which can cause the skill to run outside the user's intended context. In a processor skill with network access and automatic URL triggers, unintended activation can lead to unnecessary external requests, privacy issues, and confusing cross-platform behavior.

Natural-Language Policy Violations

Medium
Confidence
78% confidence
Finding
The skill metadata and trigger phrasing assume Chinese-language interaction and 公众号-specific behavior without an explicit opt-in or locale check. This can cause unintended activation or mismatched behavior for users on supported platforms who did not request Chinese-language processing, reducing predictability and potentially causing accidental handling of content they did not mean to submit.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
fake-useragent>=1.4.0
Confidence
95% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
fake-useragent>=1.4.0
Confidence
95% confidence
Finding
beautifulsoup4>=4.12.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
fake-useragent>=1.4.0
Confidence
96% confidence
Finding
lxml>=4.9.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.31.0
beautifulsoup4>=4.12.0
lxml>=4.9.0
fake-useragent>=1.4.0
Confidence
94% confidence
Finding
fake-useragent>=1.4.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
89% confidence
Finding
requests

Known Vulnerable Dependency: lxml — 10 advisory(ies): CVE-2021-43818 (lxml's HTML Cleaner allows crafted and SVG embedded scripts to pass through); CVE-2014-3146 (lxml Cross-site Scripting Via Control Characters); CVE-2021-28957 (lxml vulnerable to Cross-Site Scripting ) +7 more

High
Category
Supply Chain
Confidence
87% confidence
Finding
lxml

VirusTotal

65/65 vendors flagged this skill as clean.
