WeChat Pay product coupon integration skill

Security checks across malware telemetry and agentic risk

Overview

This is a coherent WeChat Pay coupon integration skill, but it asks for sensitive payment authorization artifacts and user coupon identifiers in chat and includes live API scripts/examples, so it should be reviewed carefully before use.

Install only if you are comfortable using it for a payment/coupon integration. Use test credentials first, avoid pasting private keys, tokens, full signatures, full OpenIDs, or coupon codes into chat, run diagnostic scripts locally where secrets stay on your machine, and redact response bodies, headers, and coupon codes from logs before adapting the examples for production.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence: 89%
Finding
The custom error string includes the full HTTP response body and all headers, which can expose sensitive data such as request identifiers, tokens, PII, or decrypted business details if the error is logged or surfaced to operators. In a payment integration context, verbose error propagation is more dangerous because upstream services often return transaction metadata and identifiers that should be minimized in logs.

Missing User Warnings

Medium
Confidence: 88%
Finding
The sample prints the full response object directly to stdout, and the response/request flow in this skill handles coupon code material such as successCodeList, failedCodeList.couponCode, alreadyExistCodeList, and duplicateCodeList. In real integrations, stdout often ends up in application logs, CI logs, or centralized logging systems, which can expose redeemable coupon codes or sensitive business identifiers to operators and attackers with log access.

Missing User Warnings

Medium
Confidence: 95%
Finding
The index prominently lists runnable examples for sensitive actions such as creating coupons, issuing them to users, redeeming them, deactivating them, and setting callback endpoints, but it does not warn readers to use a sandbox/test environment, verify target merchant/brand identifiers, or avoid production credentials. In a payment/coupon integration skill, this omission increases the chance that users will copy and run examples against live systems, causing unintended coupon issuance, redemption, deactivation, or misconfiguration of notification URLs.

Missing User Warnings

Medium
Confidence: 96%
Finding
The guide explicitly instructs operators to collect highly sensitive authentication material, including API certificate serial numbers, WeChat Pay public key IDs, signatures, timestamps, nonces, and user identifiers, and to reuse some of it across the session. Even if intended for troubleshooting, requesting secrets in-chat without minimization or a warning against sharing private keys/tokens normalizes unsafe handling and increases the chance of credential leakage, replay assistance, or broader account compromise.

Ssd 3

High
Confidence: 98%
Finding
This section makes sensitive credential material and user-identifying data a mandatory prerequisite for troubleshooting and states that identity configuration parameters may be reused within the same conversation. In an LLM-mediated support context, that materially raises exposure risk because the conversation becomes a collection point for authentication artifacts and personal/payment-linked identifiers that are not safely isolated from the assistant workflow.

VirusTotal

63/63 vendors flagged this skill as clean.
