Archive Wechat Article

Security checks across malware telemetry and agentic risk

Overview

This skill is a straightforward WeChat article archiving workflow, with the main caution that it can update knowledge-base and memory files.

Install this only if you want the agent to help archive WeChat articles into local knowledge files and long-term memory. Review any generated archive and MEMORY.md edits, and avoid using it for private, paywalled, sensitive, or unauthorized content.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (2)

Vague Triggers

Medium

Confidence: 95% confidence
Finding: The skill's activation criteria are very broad ('when the user needs to archive WeChat public account articles' or obtain full content), with no constraints on scope, authorization, source trust, or content sensitivity. This can cause the agent to trigger on loosely related requests and perform browser-based collection and long-term storage of third-party content, increasing the risk of unauthorized data capture, copyright issues, and unintended persistence of sensitive information.

Vague Triggers

Medium

Confidence: 90% confidence
Finding: The eval prompts are very broad, high-confidence natural-language requests that can match many ordinary user messages about archiving WeChat articles. This increases the chance the skill is invoked outside a tightly scoped context, which can cause unintended browser use, file updates, and long-term memory modifications based on ambiguous or insufficiently verified user intent.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal