wechat mp draft

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says by helping create WeChat Official Account drafts, but users must handle WeChat credentials and tokens carefully.

Install only if you intend to connect a WeChat Official Account. Keep config.sh private, do not paste or log access tokens, review the article HTML and cover image before running the scripts, and use a restricted IP allowlist or test account where possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Lp3

Medium
Category
MCP Least Privilege
Confidence
89% confidence
Finding
The skill invokes shell scripts to obtain access tokens, upload media, and create drafts, but it does not declare corresponding permissions or clearly surface these capabilities. This can bypass user expectations and platform governance, increasing the risk of unauthorized command execution or unnoticed external actions.

Vague Triggers

Medium
Confidence
78% confidence
Finding
Broad trigger phrases like '微信文章' or '公众号发文' may match ordinary writing requests and invoke the skill when the user did not intend to send content to an external publishing workflow. This raises the chance of accidental activation and unintended transmission of article content or use of configured credentials.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill requests AppID/AppSecret and processes article content for transmission to external WeChat APIs, but it does not provide a clear warning that credentials and content will leave the local environment. This can lead users to expose sensitive credentials, unpublished content, or internal materials without informed consent.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The script places the WeChat access token directly in the request URL query string. Even though HTTPS is used, URL-based credentials can be exposed through shell history, process listings, proxy/server logs, debugging output, or monitoring systems, making this a real credential-handling weakness.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script requires the WeChat access token as a positional command-line argument, which can expose the credential through shell history, process listings, audit logs, or job runners. In this skill’s context, that token grants access to the WeChat Official Account (公众号) backend API, so unintended disclosure could allow unauthorized content or media operations.

VirusTotal

66/66 vendors flagged this skill as clean.
