Wx Miniprogram Ci

Security checks across malware telemetry and agentic risk

Overview

This WeChat mini-program CI skill is mostly legitimate, but it can make global system changes and perform remote publishing operations using sensitive key material, without enough guardrails around either.

Review before installing. Prefer manually installing a trusted, pinned miniprogram-ci version instead of allowing automatic global installation, restrict permissions on the WeChat private key and ~/.wxmini-ci.config.js, and require explicit approval before running upload, cloud upload, or SourceMap commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
87% confidence
Finding
The skill description understates several material behaviors: it can install a global npm package, read and persist configuration under the user's home directory, and expose additional commands including source map retrieval. This mismatch weakens informed consent and can lead users or automated agents to authorize filesystem modification, package installation, and potentially sensitive artifact access they did not expect.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The script automatically executes `npm install -g miniprogram-ci` when the dependency is missing, which causes network access and system-wide modification without an explicit opt-in at runtime. In a CI wrapper, this is dangerous because it expands the tool's privilege and trust boundary: an attacker controlling package resolution, registry settings, or execution context could trigger installation of code that then runs with the current user's privileges.

Missing User Warnings

Low
Confidence
84% confidence
Finding
The documentation encourages persisting security-relevant configuration, including private key paths, into a user-scoped config file without clearly emphasizing the sensitivity of those settings or recommending hardening practices. Even if the private key contents are not stored directly, centralizing credential locations in a predictable file can aid local attackers, accidental disclosure, or unsafe automation patterns.

VirusTotal

VirusTotal findings are pending for this skill version.