Wechat Automation

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for WeChat automation, but it asks for sensitive message-monitoring and account-action authority without enough boundaries or reviewed implementation details.

Review carefully before installing or paying. Only use it if you can inspect the full scripts, restrict which chats are monitored, require confirmation before replies or forwarding, and know exactly where exported or forwarded messages are stored and who can access them.

SkillSpector

By NVIDIA

Vulnerability Patterns

Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 93% confidence
Finding: The skill explicitly advertises monitoring, exporting, summarizing, and forwarding WeChat messages, but provides no privacy, consent, retention, or data-handling warnings. This can lead users to deploy automation against sensitive personal or business communications without understanding legal, compliance, or confidentiality risks, especially because the tool processes real message content at scale.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal