Baoyu Post To Wechat

Security checks across malware telemetry and agentic risk

Overview

This skill is aimed at WeChat posting, but it asks agents to handle account credentials and persistent configuration without enough scoping or secret-safety guidance, and its docs reference scripts that are not included.

Review carefully before installing. Use a dedicated WeChat account or isolated Chrome profile, avoid storing AppSecret in project files, exclude .baoyu-skills and any .env containing secrets from source control, and require a manual check of the target account, content, images, and draft action before allowing API or browser posting.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Vague Triggers

Medium
Confidence: 88%
Finding
The skill advertises very broad trigger phrases such as '发布公众号', 'post to wechat', and generic article/image-text terms without any clear exclusion criteria or confirmation threshold. In an agent setting, this can cause unintended invocation and publication workflows to activate for loosely related user requests, increasing the risk of accidental data disclosure or unwanted posting to an external platform.

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill instructs collecting AppID and AppSecret from the user and writing them into project or home-directory .env files, but it does not clearly warn that these are sensitive secrets that must be protected from source control, logs, and other users on the system. This can lead to credential exposure through accidental commits, overly broad file permissions, or unsafe workspace sharing.

Missing User Warnings

Medium
Confidence: 90%
Finding
The setup flow instructs the agent to create directories and write an EXTEND.md file in either the project or the user's home directory, but it does not require an explicit consent step immediately before modifying the filesystem. In an agent context, implicit writes to project or home-scoped paths can surprise users, overwrite existing configuration, or persist data beyond the current task, which makes this a real security/usability risk even if the intent is configuration setup.

Missing User Warnings

Medium
Confidence: 96%
Finding
The document recommends an API-based publishing method that requires AppID and AppSecret, and later shows a template that stores app_secret in EXTEND.md, but it does not warn users that this places sensitive credentials in plaintext configuration. In this skill's context, those secrets enable access to a WeChat Official Account, so storing them without prominent guidance on secure handling increases the risk of credential leakage via source control, backups, shared workspaces, or other local compromise.

VirusTotal

66/66 vendors flagged this skill as clean.