Back to skill

Security audit

Wecom Add Friend

Security checks across malware telemetry and agentic risk

Overview

This skill largely does what it claims, but it can bulk-send WeCom friend requests through the user's logged-in corporate account and has unsafe GUI fallbacks that may click or type in the wrong place.

Review before installing. Use only authorized phone lists and an account where bulk outreach is permitted. Avoid running setup or add operations unless you are comfortable with GUI automation that can send real WeCom friend requests, and prefer a revised version that fails closed when the WeCom window is not positively identified and requires explicit confirmation before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill invokes a Python script through a shell command and, per the detected capabilities, can read and write files, but it declares no permissions or equivalent safety metadata to make those capabilities explicit. This creates a transparency and consent problem: users or hosting platforms may execute a skill with automation and local-system effects they were not clearly informed about, which is especially relevant for a GUI automation workflow that can modify application state and local configuration.

Context-Inappropriate Capability

Medium
Confidence
97% confidence
Finding
If the script cannot identify the Enterprise WeCom window, it falls back to the first visible non-minimized window and then performs automated clicks and typing. In a GUI automation skill, this can redirect phone numbers, Enter presses, and button clicks into unrelated applications, causing unintended messaging, data entry, or destructive actions outside the intended app.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill warns about rate limits and window visibility, but it does not explicitly warn that running it will automate GUI interactions in the Enterprise WeCom desktop client to send bulk friend requests. Without that disclosure, a user may trigger actions that message or contact third parties from their logged-in corporate account, creating account abuse, compliance, and reputational risks if the command is misunderstood or misused.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill automatically sends friend requests after only a timed notice rather than requiring explicit confirmation immediately before execution. In an automation tool that can contact external users in bulk, this increases the chance of accidental mass actions, unintended outreach, or policy-violating behavior if inputs or focus are wrong.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
When expected UI elements are not found, the script falls back to hard-coded screen coordinates and clicks them without verifying the active window or warning the user. In desktop automation, this can trigger arbitrary buttons in the wrong app or screen location, leading to misdirected actions, data loss, or unauthorized operations.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.