
Security audit

Wechat Article Writer V2

Security checks across malware telemetry and agentic risk

Overview

This skill is a fully disclosed WeChat article-formatting guide: it contains no executable code, handles no credentials, and performs no hidden data movement.

Install this if you want a WeChat Official Account Markdown layout workflow. Before use, confirm where generated .md files will be written and avoid overwriting existing files unless you explicitly intend to.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium. Confidence: 89%.
Finding
The skill metadata uses broad tags and trigger phrases such as general article-writing and structured content terms, which can cause the agent to invoke this skill for ordinary writing requests outside its intended WeChat-publication niche. Over-broad activation increases the chance of unintended instruction capture, causing the model to follow this skill’s rigid workflow when a simpler or different skill would be more appropriate.

Vague Triggers

Severity: Medium. Confidence: 92%.
Finding
The main invocation instruction says to use the skill whenever the user needs to write a WeChat article, but it defines no boundaries, exclusions, or confirmation requirements. This can lead to over-activation and hijacking of ordinary writing tasks, especially when the user only wants help with content rather than the full markdown-module workflow.

Missing User Warnings

Severity: Medium. Confidence: 84%.
Finding
The skill instructs the agent to save the final output as a `.md` file in a user-specified directory or the current working directory, but it does not require explicit user confirmation or safe handling of overwrites. In an agent environment with file-system tools, this risks unintended file creation, clobbering of existing files, or writing sensitive content to an unexpected location.
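The hardened write behaviour this finding asks for, as an added example that is not part of the skill or of SkillSpector's output. The function and its argument names are assumptions chosen for illustration: it accepts only a bare `*.md` file name, confirms the resolved destination stays inside the target directory (this also catches a symlinked name pointing elsewhere), and creates the file with `O_CREAT|O_EXCL` so the existence check and the create are one atomic syscall rather than a racy exists-then-open. Overwriting requires an explicit `allow_overwrite=True`, standing in for user confirmation, and then goes through a temp file plus `os.replace` so a crash mid-write never leaves a half-written article. `demo()` runs the scenarios in a scratch directory with constructed content.

```python
import os
import tempfile
from pathlib import Path


def safe_write_markdown(content: str, target_dir: str, filename: str,
                        *, allow_overwrite: bool = False) -> Path:
    """Write a generated article to target_dir/filename with two guarantees.

    1. The destination stays inside target_dir: only a bare ``*.md`` file name
       is accepted, and the resolved path is checked against the resolved dir.
    2. Existing files are never clobbered unless allow_overwrite=True, which
       the calling agent should set only after the user confirmed.
    Assumed helper, not the skill's own code.
    """
    base = Path(target_dir).resolve()
    if not base.is_dir():
        raise NotADirectoryError(f"target directory does not exist: {base}")
    # Bare file name only: no directory components, no traversal, .md suffix.
    if (Path(filename).name != filename or not filename.endswith(".md")
            or filename == ".md"):
        raise ValueError(f"refusing unsafe file name: {filename!r}")
    dest = base / filename
    # resolve() follows a pre-existing symlink, so a name that points outside
    # the target directory is rejected before anything is opened.
    if dest.resolve().parent != base:
        raise ValueError(f"destination escapes {base}: {dest}")
    data = content.encode("utf-8")
    if not allow_overwrite:
        # Atomic create-or-fail: raises FileExistsError if anything is already
        # at dest, including a directory or a dangling symlink.
        fd = os.open(dest, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o644)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        return dest
    # Confirmed overwrite: write beside the target, then swap in atomically.
    tmp_fd, tmp_name = tempfile.mkstemp(prefix=".tmp-", suffix=".md", dir=base)
    try:
        with os.fdopen(tmp_fd, "wb") as fh:
            fh.write(data)
        os.replace(tmp_name, dest)
    except BaseException:
        Path(tmp_name).unlink(missing_ok=True)
        raise
    return dest


def demo() -> dict:
    """Exercise both guarantees in a scratch directory; returns the outcomes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        p = safe_write_markdown("# Draft\n", d, "article.md")
        results["first_write"] = p.read_text(encoding="utf-8")
        try:
            safe_write_markdown("# Clobber\n", d, "article.md")
            results["second_write"] = "overwrote"
        except FileExistsError:
            results["second_write"] = "refused"
        results["after_refusal"] = p.read_text(encoding="utf-8")
        safe_write_markdown("# Revised\n", d, "article.md", allow_overwrite=True)
        results["confirmed_overwrite"] = p.read_text(encoding="utf-8")
        # Names that would leave the directory or are not Markdown files.
        for bad in ("../escape.md", "notes.txt", "sub/article.md"):
            try:
                safe_write_markdown("x", d, bad)
                results[bad] = "written"
            except ValueError:
                results[bad] = "rejected"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

An agent wrapping its file tool this way turns the finding's "clobber or write somewhere unexpected" outcome into an error the user sees, and keeps the confirmation decision outside the skill's own instructions.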

VirusTotal

62/62 vendors flagged this skill as clean.
