
Security audit

Wxpush

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed WeChat push-message helper, but it handles real messaging credentials and users should avoid its URL-based secret examples.

Install only if you trust the wxpush endpoint you configure. Prefer a self-hosted or vetted service, keep ~/.config/wxpush/wxpush.env private with 600 permissions, avoid GET/query-string examples for tokens or AppSecrets, and rotate any credential that may have appeared in a URL, terminal history, or logs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (7)

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation explicitly recommends passing sensitive credentials in URL query parameters, including a token and, in examples elsewhere, appid/secret. Query-string secrets are commonly exposed through browser history, reverse-proxy and CDN logs, analytics systems, referrer leakage, and shared terminal history, so documenting this without warning or safer guidance increases the chance of credential compromise.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The document instructs users to pass highly sensitive credentials such as AppID, AppSecret, OpenID, and template identifiers directly in request parameters, including a GET example that places secrets in the URL. This is dangerous because URLs are commonly logged by browsers, proxies, reverse proxies, application servers, and shell history, increasing the chance of credential exposure and unauthorized message sending.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The documentation explicitly permits passing the API token in the URL query string, which can expose credentials through browser history, proxy logs, referrer leakage, server access logs, and shared terminals. In this context the file is an API reference for a message-push skill, so readers are likely to copy these examples directly into production usage, increasing the chance of accidental token disclosure.

External Transmission

Medium
Category
Data Exfiltration
Content
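## Sending messages

Read `~/.config/wxpush/wxpush.env` and, depending on the mode, send the request with curl or Python.

Prefer curl (simplest); fall back to Python when it is unavailable (standard library, no extra dependencies).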
Confidence
92% confidence
Finding
send the request with curl or Python. Prefer curl (simplest); fall back to Python when it is unavailable (standard library, no extra dependencies). ### edgeone mode (default) ```bash # curl curl -s -X POST "${WXPUSH_API_URL}/wxsend" \ -H "Content-Type: application/json" \ -d "{\"title\":

Credential Access

High
Category
Privilege Escalation
Content
python3 -c "
import json, os, sys
from urllib.request import Request, urlopen
cfg = {k.strip(): v.strip() for k, _, v in (l.partition('=') for l in open(os.path.expanduser('~/.config/wxpush/wxpush.env')) if '=' in l and not l.startswith('#'))}
data = json.dumps({'title': sys.argv[1], 'content': sys.argv[2], 'token': cfg.get('WXPUSH_API_TOKEN','')}).encode()
req = Request(cfg.get('WXPUSH_API_URL','').rstrip('/') + '/wxsend', data=data, headers={'Content-Type':'application/json'})
print(urlopen(req, timeout=15).read().decode())
Confidence
88% confidence
Finding
.env'

Credential Access

High
Category
Privilege Escalation
Content
python3 -c "
import json, os, sys
from urllib.request import Request, urlopen
cfg = {k.strip(): v.strip() for k, _, v in (l.partition('=') for l in open(os.path.expanduser('~/.config/wxpush/wxpush.env')) if '=' in l and not l.startswith('#'))}
data = json.dumps({'title': sys.argv[1], 'content': sys.argv[2]}).encode()
req = Request(cfg.get('WXPUSH_API_URL','').rstrip('/') + '/wxsend', data=data, headers={'Content-Type':'application/json','Authorization':cfg.get('WXPUSH_API_TOKEN','')})
print(urlopen(req, timeout=15).read().decode())
Confidence
88% confidence
Finding
.env'

Credential Access

High
Category
Privilege Escalation
Content
python3 -c "
import json, os, sys
from urllib.request import Request, urlopen
cfg = {k.strip(): v.strip() for k, _, v in (l.partition('=') for l in open(os.path.expanduser('~/.config/wxpush/wxpush.env')) if '=' in l and not l.startswith('#'))}
data = json.dumps({'title': sys.argv[1], 'content': sys.argv[2], 'appid': cfg.get('WXPUSH_APPID',''), 'secret': cfg.get('WXPUSH_SECRET',''), 'userid': cfg.get('WXPUSH_USERID',''), 'template_id': cfg.get('WXPUSH_TEMPLATE_ID','')}).encode()
req = Request(cfg.get('WXPUSH_API_URL','').rstrip('/') + '/wxsend', data=data, headers={'Content-Type':'application/json'})
print(urlopen(req, timeout=15).read().decode())
Confidence
95% confidence
Finding
.env'

VirusTotal

66/66 vendors flagged this skill as clean.
