ClawHub

wx-md-article

Security checks across malware telemetry and agentic risk

Overview

The skill mostly does what it claims, but it ships real-looking WeChat credentials and can upload user article content to an unclear configured account.

Review before installing. Do not use upload mode until you replace the bundled WeChat credentials with your own, confirm exactly which official account receives drafts, and avoid uploading confidential Markdown or images. If those credentials belong to you, rotate the app secret because it is exposed in the package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Medium
Confidence
78% confidence
Finding
The delete_draft function performs an irreversible remote deletion using only a media_id and provides no confirmation, guardrail, or dry-run behavior. In an agent or automation context, this increases the risk of accidental or unauthorized content removal, especially if inputs are wrong or manipulated.

External Transmission

Medium
Category
Data Exfiltration
Content
local access_token=$1
    local image_path=$2
    
    curl -s "https://api.weixin.qq.com/cgi-bin/material/add_material?access_token=$access_token&type=image" \
        -F "media=@$image_path"
}
Confidence
82% confidence
Finding
curl -s "https://api.weixin.qq.com/cgi-bin/material/add_material?access_token=$access_token&type=image" \ -F "media=@$image_path" } # 添加草稿 add_draft() { local access_token=$1 local js

External Transmission

Medium
Category
Data Exfiltration
Content
local appid=$(get_config "appid")
    local appsecret=$(get_config "appsecret")
    
    local response=$(curl -s "https://api.weixin.qq.com/cgi-bin/token?grant_type=client_credential&appid=$appid&secret=$appsecret")
    echo "$response" | jq -r '.access_token'
}
Confidence
84% confidence
Finding
https://api.weixin.qq.com/

External Transmission

Medium
Category
Data Exfiltration
Content
local access_token=$1
    local image_path=$2
    
    curl -s "https://api.weixin.qq.com/cgi-bin/material/add_material?access_token=$access_token&type=image" \
        -F "media=@$image_path"
}
Confidence
82% confidence
Finding
https://api.weixin.qq.com/

External Transmission

Medium
Category
Data Exfiltration
Content
local access_token=$1
    local json_file=$2
    
    curl -s -X POST "https://api.weixin.qq.com/cgi-bin/draft/add?access_token=$access_token" \
        -H "Content-Type: application/json" \
        --data-binary @"$json_file"
}
Confidence
82% confidence
Finding
https://api.weixin.qq.com/

External Transmission

Medium
Category
Data Exfiltration
Content
local access_token=$1
    local media_id=$2
    
    curl -s -X POST "https://api.weixin.qq.com/cgi-bin/draft/delete?access_token=$access_token" \
        -H "Content-Type: application/json" \
        -d "{\"media_id\":\"$media_id\"}"
}
Confidence
86% confidence
Finding
https://api.weixin.qq.com/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal