Zhy Wechat Writing

Security checks across malware telemetry and agentic risk

Overview

This skill's behavior is coherent with its purpose of WeChat article creation, but by default it can upload generated drafts using sensitive publishing account credentials.

Install only if you are comfortable connecting this workflow to a real WeChat publishing account. Before running it, explicitly set `post_to_wechat` to false unless you are ready to upload a draft, keep `illustration_upload` false unless public CDN hosting is acceptable, protect `.env` secrets and Chrome profile directories, and review the generated HTML and images before any upload.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 95%
Finding
The skill can automatically upload rendered HTML content and embedded images to WeChat services, but it does not require an explicit user confirmation at the point of transmission or clearly warn that article body, images, metadata, and possibly source URLs leave the local environment. This creates a real privacy and data-handling risk, especially because the feature is enabled by default (`post_to_wechat: true`) and the workflow also rewrites images for remote hosting during draft upload.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill supports uploading generated illustrations to Qiniu CDN, but the description does not clearly disclose that locally generated or article-derived images may be transmitted to an external storage provider and replaced with public CDN URLs. That omission can cause users to expose sensitive visual content or unpublished article assets without realizing they are being sent off-platform.

VirusTotal

63/63 vendors flagged this skill as clean.
