Security audit

Wechat Article Analyzer

Security checks across malware telemetry and agentic risk

Overview

This appears to be a WeChat article analysis helper with expected network fetching and report output, but it has dependency and trigger-scope hygiene issues to review.

Install if you are comfortable with the skill fetching WeChat article URLs you provide and writing reports to paths you choose. Prefer a controlled Python environment with pinned, current versions of requests and PyYAML, and avoid letting broad keyword triggers fetch links unless you explicitly intended that.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill advertises and demonstrates network access (fetching remote WeChat articles) and file-writing behavior (`--output report.md`, JSON/YAML output) but does not declare permissions or constraints. Hidden or undeclared capabilities reduce user awareness and policy enforcement, making it easier for the skill to perform remote requests or write files in contexts where the user did not explicitly consent.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The auto-trigger is broad enough to activate on generic keywords like “微信公众号” or “公众号文章,” which can cause the skill to run in conversations where the user did not intend remote fetching or article analysis. Because this skill performs network retrieval of third-party content, overbroad triggering increases the chance of unintended external requests, privacy issues, and confusing or unsafe automation.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says the skill can read and analyze article content but does not clearly warn users that it will fetch remote content from provided links. In the context of a skill that automatically processes URLs, this omission is meaningful because users may not realize that sharing a link or keyword can trigger outbound requests to external infrastructure.

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0
pyyaml>=5.4.0
Confidence
95% confidence
Finding
requests>=2.25.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
requests>=2.25.0
pyyaml>=5.4.0
Confidence
95% confidence
Finding
pyyaml>=5.4.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
90% confidence
Finding
requests

Known Vulnerable Dependency: pyyaml — 8 advisory(ies): CVE-2019-20477 (Deserialization of Untrusted Data in PyYAML); CVE-2020-1747 (Improper Input Validation in PyYAML); CVE-2020-14343 (Improper Input Validation in PyYAML) +5 more

Critical
Category
Supply Chain
Confidence
98% confidence
Finding
pyyaml

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.