ClawHub

WeChat Publisher 微信公众号发布

Security checks across malware telemetry and agentic risk

Overview

This skill does publish WeChat drafts as described, but it stores WeChat account secrets in a plaintext local config file without strong protection or warning.

Install only if you intend to let this skill use WeChat official-account credentials and upload selected article content/images to WeChat. Prefer passing credentials at runtime instead of using --save-config; if you do save them, protect and exclude artifact/scripts/.wechat-config.json from backups and version control. Review the generated draft and remove or customize the fixed “有用AI” footer and disclaimer rule if they do not match your account.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Description-Behavior Mismatch

Medium
Confidence
94% confidence
Finding
The script stores WeChat AppID and AppSecret in a local JSON file, creating persistent credential exposure on disk. In a skill whose expected role is publishing drafts, persisting secrets is an unnecessary expansion of responsibility and increases the chance of accidental disclosure through backups, repo inclusion, multi-user systems, or weak file permissions.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
Writing AppID and AppSecret to a local config file without a strong warning causes sensitive credentials to be retained in plaintext with no visible protection. This is dangerous because users may not realize the secret persists after execution, and any local compromise, shared workstation, backup leak, or accidental file publication can expose the account.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal