ClawHub

Wechat Bot Starter

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WeChat bot starter, but it includes chat monitoring, automated posting, message forwarding, and external AI processing without enough privacy or control guidance.

Review before installing or copying into production. Use a dedicated test or business WeChat account, restrict the bot to approved chats, add allowlists and confirmations for outbound messages, rate-limit sends, document participant consent, and do not forward chat content to OpenClaw or any API unless the endpoint is authenticated, protected, and has clear data-handling rules.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill includes a message-forwarding template that sends user chat content to a target group based on a prefix command, but it provides no user notice, consent flow, or warning that content will be disclosed to additional recipients. In a WeChat bot context, users may reasonably assume they are messaging one bot or one conversation, so silent redistribution of messages can expose private or sensitive information.

Missing User Warnings

High
Confidence
97% confidence
Finding
The OpenClaw integration sends raw message text and a user identifier to an HTTP API without any privacy warning, consent, minimization, or security discussion. This creates a real privacy and data-handling risk because personal chat content and identifiers may be processed, stored, or exposed by downstream systems, especially if the endpoint is not protected or if operators deploy it beyond localhost.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal