Security audit

微信公众号写作发布助手

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat Official Account drafting workflow that can create draft-box entries when the user configures credentials and disables dry-run mode.

Install this only if you want a WeChat Official Account article drafting and draft-box upload workflow. Keep DRY_RUN=1 while testing, review generated JSON and images before upload, protect the .env file containing WeChat credentials, and use explicit wording when you only want writing without draft creation.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 89% confidence
Finding: The manifest description is extremely broad and lists many loosely bounded triggers, which increases the chance the skill is invoked for adjacent tasks the user did not clearly intend. In a skill that can generate publication-ready content and initiate draft-upload workflows, ambiguous routing can cause unintended content transformation or progression toward remote actions without sufficient user awareness.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The skill describes creating real WeChat draft-box entries and operational setup steps, but it does not require an explicit user-facing confirmation immediately before performing the remote draft creation. In this context, the skill can move from content generation into an external state-changing action, so lack of a hard confirmation boundary raises the risk of unintended publication workflow changes in the user's connected account.

Vague Triggers

Medium

Confidence: 86% confidence
Finding: The default prompt uses broad natural-language triggers like 'write a public account article from a topic, link, or material' that overlap with common writing and summarization requests. Because this skill can also generate images and upload drafts to a WeChat official account, a generic user request could invoke a high-impact publishing workflow unintentionally, increasing the chance of unauthorized or surprising actions.

Vague Triggers

Medium

Confidence: 95% confidence
Finding: Enabling implicit invocation without tight trigger constraints allows the agent to auto-select this skill during ordinary writing, translation, or article-generation requests. In this skill's context, that is more dangerous because the skill is not limited to drafting text: it can generate media, add promotional content, prepare upload JSON, and send content to the WeChat draft box, creating a meaningful risk of unintended external side effects.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.