WeChat Search

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat video search helper that uses a private guaikei.com token and saves local result logs, with no evidence of hidden exfiltration or destructive behavior.

Install only if you are comfortable sending WeChat search keywords to guaikei.com using your GUAIKEI_API_TOKEN and having successful search results saved locally under the skill's logs directory. Treat the current version as a video-search tool despite broader article/image wording.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 83%
Finding: The skill requires access to the GUAIKEI_API_TOKEN environment variable but does not declare that capability explicitly. Hidden or undeclared environment access weakens transparency and consent, and can lead to accidental exposure or unauthorized use of sensitive credentials by the skill runtime.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 94%
Finding: The documented behavior materially differs from the actual behavior: it claims broad WeChat article/video/image search, but appears to support only video search, writes logs locally, and depends on an external guaikei.com tokenized service. This mismatch prevents informed consent and can cause users to expose sensitive search terms or credentials to a third-party workflow they did not reasonably expect.

Vague Triggers

Medium
Confidence: 74%
Finding: The trigger rules are broad enough to activate on ordinary requests about WeChat updates or trends, which increases the chance of unintended tool invocation. Overbroad activation can leak user queries to the external service, consume private tokens, and create local logs without a sufficiently clear user intent to use this specific skill.

Missing User Warnings

Medium
Confidence: 90%
Finding: The skill states that logs are automatically saved, but it does not clearly warn that user search queries and associated results will be written to local files. Search terms may contain sensitive business, personal, or investigative topics, so silent persistence creates avoidable privacy and data-retention risk.

Missing User Warnings

Medium
Confidence: 88%
Finding: The script writes the full search output, including the user-supplied keyword and all returned results, to a local JSON file by default. In a search tool context, these artifacts can contain sensitive research terms or retrieved content metadata and may persist on disk without the user's awareness, creating unnecessary data exposure risk on shared systems or in agent environments.

VirusTotal

59/59 vendors flagged this skill as clean.
