Security audit

微信公众号文章保存 (WeChat Official Account Article Saver)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its article-saving purpose, but it also includes under-disclosed authority to delete Feishu table records and relies on external command-line tooling.

Install only if you are comfortable granting this workflow access to the intended Obsidian folder and Feishu table. Use least-privilege Feishu credentials, verify the external baoyu script path before use, and carefully review any matched record before confirming deletion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Description-Behavior Mismatch

High
Confidence: 98%
Finding
The skill metadata describes saving articles and optional downstream actions, but the file also embeds a destructive Feishu record deletion workflow that is outside the declared purpose. Hidden or under-disclosed destructive capabilities are dangerous because users or orchestrators may grant Feishu access assuming only create/save behavior, while the skill can also delete records if prompted.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
This section introduces destructive deletion of Feishu records even though the skill's stated purpose is to save and optionally index WeChat articles. That mismatch increases the chance of accidental or unauthorized destructive actions, especially if broad Feishu table permissions are available and record lookup is based on title matching that may be ambiguous.

Missing User Warnings

Medium
Confidence: 91%
Finding
The workflow sends article metadata and potentially associated processing state to Feishu without any user-facing privacy or external-sharing warning. Even if the current implementation leaves '全文' blank, the skill still performs third-party data egress, and users may not realize article URLs, titles, and notes are being transmitted to an external SaaS platform.

VirusTotal

65/65 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.