WeChat Browser Reader

Security checks across malware telemetry and agentic risk

Overview

This skill is a focused guide for reading user-provided WeChat articles through an isolated Chrome debugging session, with a privacy caution around browser access.

Use this only with a dedicated temporary Chrome profile, as shown in the instructions. Do not connect it to your normal signed-in browser or open sensitive accounts in that debugging session, and close the remote-debugging browser when finished.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 92% confidence
Finding: The skill requires attaching to a live Chrome instance over the remote debugging interface and reading page content from that browser session, but the description does not clearly warn users about this trust boundary or privacy implication. Because a remote-debuggable browser may expose other tabs, cookies, and authenticated session data, users could invoke the skill without understanding that it operates through a powerful browser-control channel rather than a limited fetcher.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal