Wechat AutoPublish

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed WeChat draft-publishing helper, with credential and token-handling risks users should manage carefully.

Install only if you intend to let the skill use WeChat AppID/AppSecret credentials to create drafts and upload selected images. Keep config.json and .tokens out of source control, restrict their file permissions, review article HTML and image paths before running, and monitor or remove any cron jobs you create.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
87% confidence
Finding
The trigger guidance '当用户请求发布到微信时' ("when the user requests publishing to WeChat") is overly broad and lacks constraints on what content, files, or accounts may be used. In an agent setting, this can cause the skill to activate on ambiguous requests and perform sensitive actions such as using stored credentials, reading local files, or publishing content without sufficiently explicit user intent.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The example trigger phrases are broad operational requests such as publishing articles, uploading images, and scheduling recurring posts, but they do not define boundaries, authorization checks, or confirmation requirements. This increases the chance of over-triggering and of the agent taking impactful actions on user content or local files based on loosely matched language.

Credential Access

High
Category
Privilege Escalation
Content
                'expires_at': self.token_expiry
            }, f)

        print(f"✅ Access Token 获取成功")
        return self.access_token

    async def upload_image(self, image_path: str, is_thumb: bool = False) -> dict:
Confidence
94% confidence
Finding
Access Token

VirusTotal

66/66 vendors flagged this skill as clean.
