WeChat Pay integration skill

Security checks across malware telemetry and agentic risk

Overview

This skill is mostly coherent for WeChat Pay support, but its troubleshooting flow asks users to share live payment API authorization material in chat without enough warning or scoping.

Review carefully before installing. Use test or least-privilege WeChat Pay credentials where possible, avoid sharing production Authorization headers or full signature output in chat, and prefer running signing and API calls locally while returning only sanitized status codes, request IDs, and error bodies.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium, 94% confidence
Finding
The skill explicitly instructs users to paste a full Authorization header or raw signing components (serial_no, timestamp, nonce_str, signature) back into the chat. Even if these values are short-lived, they are authentication material tied to a privileged payment API request and may be logged, retained, or exposed through the assistant channel, creating credential-handling and replay risk. In a payment-integration troubleshooting context, asking for live auth artifacts makes the workflow more dangerous because the data directly enables API invocation and may normalize unsafe secret-sharing practices.

Missing User Warnings

Medium, 88% confidence
Finding
The workflow tells the developer to run a local signing command over an API certificate file and then return the resulting signature block, but it provides no explicit warning that the certificate, merchant identifier, and produced auth data are sensitive. While the private key operation remains local, the skill still operationalizes handling of payment credentials and funnels derived authentication material back through the assistant, increasing the chance of accidental exposure or misuse. In this context, the lack of security guidance is especially risky because the task involves production payment certificates.

VirusTotal

VirusTotal findings are pending for this skill version.
