Security audit

charmia-test-0428-01

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only WeChat Pay integration skill. Its examples carry some payment-security caveats, but the skill has no hidden execution, persistence, or data exfiltration behavior.

Install is reasonable if you want WeChat Pay delegated-deduction documentation and review checklists. Because it covers live payment flows, verify examples against current official WeChat Pay docs, use HTTPS callback URLs in production, validate callback signatures and amounts, and never paste API keys, private keys, certificates, or production secrets into the chat.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Intent-Code Divergence

Severity: Medium
Confidence: 93%
Finding: The document gives contradictory security-relevant guidance about IP allowlisting: earlier it lists specific callback/notification source IPs, but later states delegated deduction has no IP whitelist. In a troubleshooting skill, this inconsistency can cause operators to disable or misconfigure network filtering, potentially exposing callback endpoints to spoofed traffic or causing legitimate notifications to be blocked.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding: The example explicitly uses an HTTP `notify_url`, which allows callback traffic to be intercepted or modified in transit if adopted by integrators. In a payment-signing flow, insecure transport on asynchronous notifications can expose contract status data and enable spoofed or tampered callback delivery unless developers separately implement strict signature verification and transport protections.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding: The document instructs implementers to rely on two asynchronous callbacks for payment and contract-signing results, but it does not mention validating callback authenticity, protecting callback endpoints, or minimizing exposed user/payment data. In a payment integration context, this omission can lead developers to implement insecure webhook handling, enabling forged notifications, payment state tampering, or privacy leaks.

VirusTotal

64/64 vendors flagged this skill as clean.

Static analysis

Detected: suspicious.exposed_secret_literal

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: references/1-商户/接入指南/签名与验签规则.md:201
File appears to expose a hardcoded API secret or token.

Severity: Critical
Code: suspicious.exposed_secret_literal
Location: references/2-服务商/接入指南/签名与验签规则.md:197
File appears to expose a hardcoded API secret or token.