Back to skill

Security audit

Mp Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill matches its stated WeChat draft-publishing purpose, but it deserves review because broad chat triggers can lead to external draft creation using stored account credentials without a clearly documented final approval step.

Install only if you intend to connect real WeChat public-account credentials and a DMX image API key. Use dedicated or low-risk credentials, verify the DMX API endpoint before running, avoid sharing logs from the WeChat test command, and manually confirm generated content before allowing draft creation or publishing anything publicly.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The documented trigger phrase “用户:今天写三篇” is very broad and resembles normal conversational input, which can cause the workflow to start unintentionally. In this skill’s context, unintended activation could launch multi-step automation involving external searches, image generation, and draft creation, causing unnecessary API use and unwanted content operations.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The selection trigger “用户:选题1、2、3” lacks documented context binding to a specific prior topic list or session state. Without strong context constraints, ordinary text or stale references could be interpreted as a command, leading the system to enqueue writing tasks for unintended topics or the wrong prior workflow state.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The trigger phrases are broad and overlap with ordinary writing requests such as asking to write articles or select topics, which can cause the skill to activate when the user did not explicitly intend to start a publication workflow. Because this skill can invoke multiple agents and ultimately create WeChat public-account drafts using configured credentials, unintended activation can lead to unauthorized external actions and content processing.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description presents the skill as an article publishing workflow but does not clearly warn the user that it will use stored WeChat and image-generation credentials and create drafts in an external public-account system. This reduces informed consent and makes accidental use more dangerous, especially when paired with broad triggers and automated downstream actions.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The script appends a status marker directly to the user-supplied source article file without prior warning, confirmation, backup, or atomic write handling. In an agent or automation context, this can unexpectedly alter repository content or corrupt workflow state, especially if the file is treated as a source-of-truth artifact.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.