wechat article formatter pro

Security checks across malware telemetry and agentic risk

Overview

This looks like a real WeChat article formatter, but it should be reviewed because it silently runs local Python and accepts an unvalidated theme path that can be used to read unintended local files.

Install only if you are comfortable with the skill creating local Markdown and HTML files and running its Python formatter. Use only the listed theme filenames, do not pass arbitrary paths as themes, and review generated files for sensitive draft content before sharing the HTML.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill instructs the agent to write generated content to a local file (`draft_article.md`) and later produce an HTML artifact, yet no explicit permissions or user-facing disclosure are declared. This creates an undeclared file-system side effect that can surprise users and weaken sandbox/policy enforcement, especially if the skill is auto-invoked on broad requests.

Tp4

High
Category
MCP Tool Poisoning
Confidence
93% confidence
Finding
The skill advertises AI polishing and Markdown completion, but the documented behavior includes local file writes, command execution, and returning a local preview path—capabilities with higher risk than the description suggests. This mismatch can cause users or orchestrators to grant trust or invoke the skill in situations where they would not have consented to code execution or local artifact generation.

Vague Triggers

Medium
Confidence
80% confidence
Finding
The trigger description is broad enough that the skill could activate on loosely related writing or formatting requests, increasing the chance of unintended execution of its workflow. In this skill's context, that matters because activation can lead to file creation and command invocation rather than a purely conversational formatting response.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The instructions explicitly require silent terminal execution and writing files without warning the user about data modification or artifact creation. Hidden execution and undisclosed file output reduce user visibility and can mask harmful behavior, accidental overwrites, or processing of sensitive content into local files.

VirusTotal

64/64 vendors flagged this skill as clean.
