
Security audit

WeChat Mini Program CLI Debug

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate WeChat debugging skill, but it gives an agent broad live-app control and optional admin log access, so it should be reviewed before installation.

Install only if you trust the separate `vince-mp` CLI and intend to let an agent control a live WeChat Mini Program runtime. Prefer dev/test environments, avoid giving broad admin tokens, confirm before production log access, and use mutation/mocking/network/media commands only for explicit debugging tasks.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Description-Behavior Mismatch

High
Confidence: 96%
Finding
The contract explicitly exposes powerful state-mutating and instrumentation actions such as setPageData, storage mutation, network/media hooks, and method mocking that go beyond passive runtime inspection. In an agent setting, these capabilities can alter app behavior, tamper with local state, influence test outcomes, or trigger sensitive side effects if invoked outside tightly scoped user approval.

Context-Inappropriate Capability

Medium
Confidence: 93%
Finding
The env/token/logs capabilities introduce administrative backend access that is unrelated to local Mini Program runtime debugging and expands the trust boundary from local UI inspection into privileged server-side data access. If an agent can switch environments or use bearer tokens, it may retrieve sensitive operational logs or interact with production-oriented admin endpoints without a strong need for the stated skill purpose.

Context-Inappropriate Capability

Medium
Confidence: 87%
Finding
The media command supports actions including camera-probe, camera-mock, and restore, which are more invasive than ordinary DevTools runtime debugging and can manipulate device/media behavior. Even if framed as test support, these actions can interfere with application flows, simulate privileged inputs, or access media-related functionality that users may not expect from a debugging helper.

Description-Behavior Mismatch

Medium
Confidence: 91%
Finding
The documentation expands the skill from live WeChat Mini Program runtime debugging into backend environment switching and server log retrieval. That materially broadens operational scope and can enable access to non-local systems and potentially sensitive backend data, which is not clearly justified by the stated skill purpose.

Context-Inappropriate Capability

High
Confidence: 96%
Finding
The file documents admin-token-backed access to server error logs via `VINCE_MP_ADMIN_TOKEN` or `env token`, which introduces privileged backend access beyond ordinary front-end debugging. If exposed or misused, this capability could disclose sensitive operational data, user-linked logs, request metadata, or internal errors, making the skill substantially more dangerous than its declared WeChat DevTools scope suggests.

VirusTotal

64/64 vendors flagged this skill as clean.
