Back to skill

Security audit

WeChat MP Multi-Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it turns selected Markdown files into WeChat drafts, with optional public publishing when explicitly requested.

Install only if you intend to let an agent use WeChat MP credentials to create drafts or publish content. Start with --dry-run or draft-only mode, review Markdown image references before upload, protect the credentials file with restrictive permissions, avoid committing secrets, and use --publish or cron automation only after explicit review.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill description advertises publishing Markdown articles and auto-uploading local images, but it does not prominently warn that article contents and image files are transmitted to external services including WeChat and potentially Unsplash. This creates a real privacy and data-handling risk because users may provide sensitive drafts or local assets without understanding they will leave the local environment.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The CLI reference mentions a `--publish` flag that can immediately trigger publication, but the file does not present this as a prominent irreversible or high-impact action. A user could unintentionally publish unfinished, incorrect, or sensitive content directly to a public WeChat account, causing reputational or confidentiality harm.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The setup guide instructs users to place WeChat app credentials in environment variables or a plaintext file under ~/.config without any warning about file permissions, secret rotation, shell history, or accidental inclusion in logs/backups. While this is common operational guidance, it can expose long-lived API secrets to other local users, CI logs, or compromised processes if implemented insecurely.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.env_credential_access, suspicious.potential_exfiltration

Environment variable access combined with network send.

Critical
Code
suspicious.env_credential_access
Location
scripts/publish.mjs:19

Sensitive-looking file read is paired with a network send.

Warn
Code
suspicious.potential_exfiltration
Location
scripts/publish.mjs:92