WeChat Chat Record Knowledge Card Extraction Tool

Security checks across malware telemetry and agentic risk

Overview

The skill is not malicious, but it analyzes private WeChat exports and can turn them into persistent customer profiles, training data, and Feishu records without enough consent, scoping, or retention safeguards.

Install only if you deliberately want selected WeFlow chat exports analyzed. Use exact file paths, remove unrelated or sensitive conversations first, confirm you have authority or consent to process the chats, review and redact outputs before any Feishu upload, and check Feishu workspace permissions plus retention and deletion plans before storing generated profiles or training data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The documentation explicitly directs shell-based reading of chat-export files. Using shell commands for file ingestion increases risk of unsafe path handling, overbroad file access, and accidental processing of unrelated sensitive files if variables or wildcards are misused.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The trigger scenarios are broad enough that the skill could be invoked for many chat-analysis situations without a clear, narrow boundary. In a privacy-sensitive skill handling personal conversations and customer profiles, broad triggering materially raises the chance of unintended activation and overcollection.

Missing User Warnings

High
Confidence
96% confidence
Finding
The skill is designed to process WeChat chat records, derive customer profiles, and write results to Feishu, but it omits clear warnings about sensitive personal data, third-party transfer, and retention. This is dangerous because users may unknowingly authorize large-scale profiling and external persistence of private conversations.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The instructions tell the operator to directly read local WeChat export JSON files without warning that these files can contain highly sensitive personal and business communications. That omission increases the likelihood of accidental exposure, especially if the wrong directory or multiple exports are processed at once.

Missing User Warnings

High
Confidence
97% confidence
Finding
The step instructing storage into Feishu lacks any warning that the extracted content will be transmitted to an external service and persist there. Because the output includes customer details, needs, preferences, and communication history, this creates a significant confidentiality and compliance risk.

Missing User Warnings

Medium
Confidence
75% confidence
Finding
The script writes chat-derived content, including participant names and keyword statistics, to a local Markdown file without any warning, consent flow, minimization, or privacy notice. In this skill context, the input is WeChat chat history and may contain sensitive personal or business data, so creating a secondary artifact increases exposure, retention, and accidental disclosure risk.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill plainly instructs transforming personal conversations into a knowledge base, customer profiles, and AI-training material. In this context, the natural-language workflow itself encourages broad extraction, retention, and repurposing of sensitive interpersonal data beyond the original context of the chats.

Ssd 3

Medium
Confidence
96% confidence
Finding
The extraction dimensions explicitly call for names, needs, preferences, decision factors, and relationship history from chat logs. This materially increases privacy risk because it systematizes sensitive profiling and makes the resulting dataset easier to search, share, and misuse than the original chats.

Ssd 3

Medium
Confidence
94% confidence
Finding
The knowledge-card template directs persistent recording of communication style and historical interaction summaries from WeChat conversations. Persisting these distilled behavioral summaries creates a durable secondary record of private data that may outlast the original chats and be reused for profiling or training.

VirusTotal

65/65 vendors flagged this skill as clean.
