Yq Weixin Connect

Security checks across malware telemetry and agentic risk

Overview

This skill appears intended to connect a personal WeChat account, but it installs and replaces a local OpenClaw extension and stores long-lived WeChat credentials without enough user-facing control or cleanup guidance.

Install only if you intentionally want this agent to bind and operate a personal WeChat account through OpenClaw. Review the npm package source and exact version before use, back up any existing openclaw-weixin extension state, and be prepared to remove ~/.openclaw/openclaw-weixin/accounts entries or revoke the WeChat session if you no longer want the connection.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill instructs the agent to persist long-lived authentication material (`bot_token`, `baseUrl`, `userId`) into predictable files under the user's home directory without any user-facing disclosure, consent, rotation guidance, or cleanup procedure. Even though file mode 0600 is applied to the account file, the workflow still creates durable local secrets that could be exposed to other local processes, backups, logs, or later agent actions.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal