Security audit

charmia-test-0428-01

Security checks across malware telemetry and agentic risk

Overview

This is a documentation-only WeChat Pay integration skill with some payment-security caveats in examples, but no hidden execution, persistence, or data exfiltration behavior.

Install is reasonable if you want WeChat Pay delegated-deduction documentation and review checklists. Because it covers live payment flows, verify examples against current official WeChat Pay docs, use HTTPS callback URLs in production, validate callback signatures and amounts, and never paste API keys, private keys, certificates, or production secrets into the chat.

SkillSpector

By NVIDIA

Vulnerability Patterns

MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (3)

Intent-Code Divergence

Medium

Confidence: 93% confidence
Finding: The document gives contradictory security-relevant guidance about IP allowlisting: earlier it lists specific callback/notification source IPs, but later states delegated deduction has no IP whitelist. In a troubleshooting skill, this inconsistency can cause operators to disable or misconfigure network filtering, potentially exposing callback endpoints to spoofed traffic or causing legitimate notifications to be blocked.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The example explicitly uses an HTTP `notify_url`, which allows callback traffic to be intercepted or modified in transit if adopted by integrators. In a payment-signing flow, insecure transport on asynchronous notifications can expose contract status data and enable spoofed or tampered callback delivery unless developers separately implement strict signature verification and transport protections.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The document instructs implementers to rely on two asynchronous callbacks for payment and contract-signing results, but it does not mention validating callback authenticity, protecting callback endpoints, or minimizing exposed user/payment data. In a payment integration context, this omission can lead developers to implement insecure webhook handling, enabling forged notifications, payment state tampering, or privacy leaks.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.exposed_secret_literal

File appears to expose a hardcoded API secret or token.

Critical

Code: suspicious.exposed_secret_literal
Location: references/1-商户/接入指南/签名与验签规则.md:201

File appears to expose a hardcoded API secret or token.

Critical

Code: suspicious.exposed_secret_literal
Location: references/2-服务商/接入指南/签名与验签规则.md:197