Weixin Multi-Agent Router|微信多 Agent 路由

Security checks across malware telemetry and agentic risk

Overview

This is a non-executable design skill for routing one Weixin account across multiple agents, with some command-safety cautions but no hidden or malicious behavior.

Safe to install as a design/reference skill. Before using it in a live Weixin router, make command parsing exact or prefixed, require confirmation for reset commands, limit retained recent history, and tell users when summaries are shared between agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Severity: Medium
Confidence: 90%
Finding
The status triggers include very common conversational phrases such as "你是谁" ("who are you") and "现在是谁" ("who is it now"), which can plausibly appear in normal conversation and be matched as router commands if the router uses substring or keyword matching. In a multi-agent Weixin router, accidental invocation can disclose routing state (which agent is active) or interrupt the expected conversational flow, making this a genuine prompt-trigger design weakness even without malicious intent.

Vague Triggers

Severity: Medium
Confidence: 94%
Finding
Reset commands like "重置当前" ("reset current"), "清空当前上下文" ("clear current context"), and especially templated forms like "清空{agent}" ("clear {agent}") are short and action-oriented, with no indication of a confirmation step or stricter trigger boundaries. In this skill's context, these commands erase per-agent session state and summaries, so accidental or adversarial triggering (for example, a forwarded message that happens to contain the phrase) could cause loss of context, disrupted handoff, and denial of service against the user's ongoing work.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding
The documentation presents reset and context-clearing commands without warning that they may erase conversation state or affect handoff continuity. In a multi-agent routing system with session isolation, users may not realize that these commands are destructive, increasing the likelihood of accidental data loss and operational confusion.
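The three findings above, together with the overview's recommendations (exact or prefixed command parsing, confirmation before reset, bounded retained history, disclosure of shared summaries), describe a router design rather than code. The following is an added example written for this page, not code from the skill or its author: it puts the weak substring matcher the findings describe next to a hardened router that only accepts prefixed, exact commands, asks for confirmation before a destructive reset, caps per-agent history, and tells the user when a summary is handed to another agent. All names (`Router`, `AgentSession`, the `/who` and `/reset` commands, `COMMAND_PREFIX`, `MAX_HISTORY`) are hypothetical, and the sample messages are constructed.

```python
"""Hardened command handling for a multi-agent Weixin router (illustrative, not the skill's code)."""
from collections import deque
from dataclasses import dataclass, field
from typing import Dict, Optional
import re

# --- The weak form the findings describe: substring matching on everyday phrases. ---
NAIVE_STATUS_TRIGGERS = ("你是谁", "现在是谁")  # "who are you", "who is it now"


def naive_is_status_trigger(text: str) -> bool:
    """Fires on ordinary chat such as '你是谁推荐的这家店？' ('who recommended this place to you?')."""
    return any(t in text for t in NAIVE_STATUS_TRIGGERS)


# --- Hardened form: prefixed, exact commands; reset requires confirmation; history is bounded. ---
COMMAND_PREFIX = "/"            # assumption: every command starts with this prefix
MAX_HISTORY = 20                # assumption: keep at most 20 recent messages per agent
RESET_CONFIRM_TOKEN = "confirm"  # user must send exactly this to complete a reset

STATUS_COMMANDS = {"/who", "/status"}        # hypothetical replacements for bare "现在是谁"
RESET_CURRENT = "/reset"                     # hypothetical replacement for "重置当前" / "清空当前上下文"
RESET_AGENT_RE = re.compile(r"^/reset\s+(?P<agent>[A-Za-z0-9_-]+)$")  # replacement for "清空{agent}"


@dataclass
class AgentSession:
    history: deque = field(default_factory=lambda: deque(maxlen=MAX_HISTORY))  # oldest dropped first
    summary: str = ""


@dataclass
class Router:
    agents: Dict[str, AgentSession]
    current: str
    pending_reset: Optional[str] = None  # agent name awaiting the confirmation token

    def handle(self, text: str) -> str:
        text = text.strip()
        # A reset was requested on the previous turn: only the exact token completes it.
        if self.pending_reset is not None:
            target, self.pending_reset = self.pending_reset, None
            if text == RESET_CONFIRM_TOKEN:
                self.agents[target] = AgentSession()
                return f"Reset {target}: history and summary erased."
            return f"Reset of {target} cancelled."
        # Without the prefix the message is plain conversation, never a command.
        if not text.startswith(COMMAND_PREFIX):
            self.agents[self.current].history.append(text)
            return f"[{self.current}] received message"
        if text in STATUS_COMMANDS:
            return f"Active agent: {self.current}"
        if text == RESET_CURRENT:
            return self._request_reset(self.current)
        m = RESET_AGENT_RE.match(text)
        if m:
            agent = m.group("agent")
            if agent not in self.agents:
                return f"Unknown agent: {agent}"
            return self._request_reset(agent)
        return f"Unknown command: {text}"

    def _request_reset(self, agent: str) -> str:
        """Warn about what will be lost and defer the destructive action to a confirmation turn."""
        self.pending_reset = agent
        n = len(self.agents[agent].history)
        return (f"WARNING: this will erase {n} retained messages and the summary for {agent}. "
                f"Send '{RESET_CONFIRM_TOKEN}' to proceed, anything else to cancel.")

    def handoff(self, to_agent: str) -> str:
        """Switch agents, pass the summary along, and tell the user that it was shared."""
        self.agents[to_agent].summary = self.agents[self.current].summary
        previous, self.current = self.current, to_agent
        return f"Switched to {to_agent}. Note: the summary from {previous} was shared with {to_agent}."


if __name__ == "__main__":
    r = Router(agents={"writer": AgentSession(), "coder": AgentSession()}, current="writer")
    print(naive_is_status_trigger("嗯，你是谁推荐的这家店？"))   # True: the weak matcher fires on chat
    print(r.handle("嗯，你是谁推荐的这家店？"))                 # hardened router treats it as a message
    print(r.handle("/reset"))                                    # warning, nothing erased yet
    print(r.handle("算了"))                                      # anything but the token cancels
```

The confirmation is deliberately a separate turn rather than a flag on the same message, so a forwarded or pasted message that happens to contain the reset phrase can never erase state by itself; the bounded `deque` limits what an accidental disclosure or a compromised agent can see of recent history.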

VirusTotal

0 of 66 vendors flagged this skill; all 66 reported it as clean.
