Mukun Md Push Wechat

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: converts Markdown for WeChat and can create WeChat or Juejin drafts, but users should understand that push workflows send article content, images, and credentials to those platforms.

Install from the reviewed package or a pinned Git commit where possible. Before using push commands, review the Markdown and referenced local images because they will be sent to WeChat or Juejin draft services. Keep ~/.md_push_wechat/config.yaml private, restrict its file permissions, and do not commit it to a repository.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (12)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The README tells an agent to fetch and install a remote SKILL.md directly from a GitHub raw URL, which causes the agent to trust and execute instructions that are outside the locally reviewed package. In an agent-skill context, this is dangerous because the remote content can change over time and may introduce arbitrary new instructions or code without user review.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The README advertises automatic upload of local images and direct draft pushing, plus automatic cache writes into config.yaml, without a prominent warning that local files and metadata will be transmitted to third-party services and local configuration will be mutated. In an agent setting, that can lead to unintended exfiltration of local content or silent persistence of data the user did not expect to store.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README instructs users to place WeChat app secrets and Juejin cookies into a config file but does not clearly warn about the sensitivity of those credentials, storage risks, or safe handling practices. If an agent or user stores these values in plaintext in shared directories, they may be exposed via logs, backups, repo commits, or local compromise.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill describes pushing article content and possibly local images to WeChat and Juejin, but it does not clearly warn that user content and media will be transmitted to third-party services. This weakens informed consent and can lead to accidental disclosure of unpublished, private, or sensitive material when users believe the operation is purely local conversion.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill instructs reading sensitive secrets from ~/.md_push_wechat/config.yaml, including Juejin cookies and WeChat credentials, without explicit guidance on secret handling. In agent environments, this increases the risk of over-collection, accidental logging, echoing secrets into output, or exposing credentials during troubleshooting and command construction.

Missing User Warnings

Medium
Confidence
87% confidence
Finding
The example describes collecting Git commits, project/task data, and chat records for automated reporting without any privacy notice, consent boundary, or data-minimization guidance. In the context of an agent skill, this can normalize bulk ingestion of potentially sensitive internal data and lead users to expose proprietary or personal information to downstream systems without realizing the scope.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The LLM summarization section instructs sending raw work records into an LLM prompt without warning that those records may leave the local environment or be retained by a third-party model provider. This is dangerous because raw commits, task cards, and related work artifacts often include internal project names, incident details, credentials by mistake, or other confidential business context.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The Feishu webhook section presents automatic transmission of generated report content to a group chat without warning that the data is being sent to an external collaboration endpoint and potentially many recipients. In practice, automated reports can leak confidential project status, customer information, incident details, or internal planning data to broader audiences than intended.

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The article normalizes automatic collection of work data from sources like Git, project tools, and chat records, then summarizes and transmits it externally without warning about privacy, confidentiality, or disclosure boundaries. In the context of an automation/publishing skill, that omission is risky because users may operationalize the workflow and unintentionally send sensitive internal data to third-party LLMs or messaging platforms.

Missing User Warnings

Medium
Confidence
80% confidence
Finding
The article describes aggregating Git commits, task data, and chat records for LLM processing and external delivery, but provides no warning about privacy, consent, redaction, or data-classification boundaries. In an agent skill context, this can normalize sending potentially sensitive internal data to third-party models or messaging platforms without adequate safeguards, increasing the risk of data leakage.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The trigger list includes very broad terms such as “AI”, “技术”, “现代”, and “前沿”, which are common in normal conversation and can cause the skill to activate when the user did not specifically request Markdown-to-WeChat conversion or publishing. In an agent setting, overbroad activation can misroute user intent, invoke publishing-related capabilities unexpectedly, and increase the chance of unintended content transformation or draft-push actions.

Ssd 3

Medium
Confidence
87% confidence
Finding
The workflow encourages broad collection from Git commits, project systems, and chat logs, followed by pushing a generated summary to a group chat, with no mention of filtering secrets, access controls, or least-data principles. In a skill that converts/publishes content, this increases the chance of over-collection and downstream leakage of internal project details, credentials accidentally committed to history, or sensitive operational context.

VirusTotal

65/65 vendors flagged this skill as clean.
