Security audit

macos-wechat-send

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says, but it can immediately send real WeChat messages and files from the user's account with limited safeguards.

Review before installing. Use only on a trusted Mac, only for explicit user-approved recipients, messages, and file paths, and avoid sensitive attachments until it adds a confirmation step, safer AppleScript argument handling, clipboard restore, and removes the unbundled hard-coded virtualenv fallback.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
'''
    
    try:
        subprocess.run(['osascript', '-e', script], check=True, timeout=10)
        return True
    except Exception as e:
        print(f"✗ 复制文件失败:{e}")
Confidence
84% confidence
Finding
subprocess.run(['osascript', '-e', script], check=True, timeout=10)

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger conditions are broad enough that an agent could invoke this skill whenever a user mentions sending a WeChat message or automating WeChat, without an explicit high-assurance confirmation step. Because the skill performs real GUI automation that can send messages or files to external recipients, accidental invocation could cause unintended data disclosure or unauthorized communications.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description presents automated sending of messages and files as a convenience feature but does not prominently warn that it performs external communication and may transmit sensitive local files. In this context, the operation is high impact because it can send content outside the system boundary to a real contact using accessibility automation, so lack of warning increases the risk of unsafe or uninformed use.

Missing User Warnings

Medium
Confidence
98% confidence
Finding
The skill automatically pastes and sends messages/files to WeChat contacts with no explicit confirmation step, preview, or recipient verification immediately before dispatch. In an agent setting, this makes unintended data exfiltration, social engineering, or misdelivery significantly more likely because any upstream prompt or task can trigger real outbound communication.

VirusTotal

65/65 vendors flagged this skill as clean.
