
Security audit

公众号写作助手(通用版)

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only WeChat article-writing helper whose local files, web search, and optional WeCom export are disclosed and aligned with its purpose.

Before installing, treat the saved account profiles and article index as workspace data that may include business strategy or brand voice. Use the WeCom archive option only after reviewing the article and confirming that the separate wecom-doc integration is trusted for your organization.

SkillSpector (by NVIDIA)

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (9)

Vague Triggers

Severity: Medium
Confidence: 89%
Finding:
The trigger phrases are broad, natural-language commands such as '今天写什么' ("what should I write today") and '帮我写公众号' ("help me write an official-account post"), which can plausibly appear in ordinary conversation and unintentionally invoke the skill. In this skill, accidental activation is more concerning because invocation can lead to account switching, profile creation, local file writes, and possible downstream archival behavior.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The README states that the skill automatically saves account profiles locally and archives articles to enterprise WeChat documents, but it does not prominently warn users when data will be written, persisted, or transmitted. This creates a real privacy and integrity risk because users may provide sensitive business, audience, or writing-style information without informed consent about storage locations and syncing behavior.

Vague Triggers

Severity: Medium
Confidence: 91%
Finding:
The trigger phrases include broad everyday expressions such as “写文章” ("write an article") and “这篇文章写得好” ("this article is well written"), which can cause the skill to activate when the user did not intend to enter this workflow. In a multi-step skill that reads and writes workspace files and can later invoke external tools, accidental activation increases the chance of unintended data access or state changes.

Vague Triggers

Severity: Medium
Confidence: 80%
Finding:
The account-switch logic can be entered when multiple profile files exist, even if the user did not ask to switch accounts. This ambiguity may steer the conversation into selecting or revealing account identifiers unnecessarily, which is a privacy and workflow-integrity issue rather than a direct compromise.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding:
The skill instructs the agent to persist user-provided account profile data into the workspace, but it does not clearly warn the user that this information will be stored for future sessions. Persistent storage of audience, style, and account details without explicit notice can violate user expectations and expose sensitive business information if the workspace is shared or later accessed by other workflows.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The skill performs web searches using account-related keywords and hot-topic queries without informing the user that prompts derived from their account profile may be sent to an external search service. If the profile contains sensitive niche, branding, or strategy information, this can leak contextual business data to third parties.

Missing User Warnings

Severity: Medium
Confidence: 96%
Finding:
Although the skill asks whether to save the article to WeCom Docs, it does not explain that the content will be stored in an external system with its own sharing and access controls. Users may confirm without understanding that drafts, proprietary content, or sensitive internal messaging could become accessible beyond the current workspace.

Missing User Warnings

Severity: Low
Confidence: 91%
Finding:
The template explicitly says completed profiles are automatically saved to a local file, but it does not clearly warn users that the information they enter will be persisted. Because the profile fields include audience details, content strategy, and potentially identifying business information, users may disclose sensitive data without informed consent. In this skill context, automatic archival across accounts increases the likelihood of unintended retention or exposure.

Vague Triggers

Severity: Medium
Confidence: 84%
Finding:
The example profile explicitly documents natural-language phrases such as “更新公众号风格” ("update the official-account style") and “这篇文章写得好” ("this article is well written") as triggers for profile updates. Because these phrases are common in normal user conversation, an attacker or even an ordinary user could unintentionally trigger state-changing behavior, causing unwanted profile modification or poisoning of the learned writing style.

VirusTotal

63/63 vendors flagged this skill as clean.
