Wechat HTML Publisher

Security checks across malware telemetry and agentic risk

Overview

This skill does what it claims: it uploads a user-selected HTML article and its images to a WeChat Official Account draft, but users should review content before publishing.

Install only if you intend to let this tool use your WeChat Official Account credentials to upload the chosen HTML, cover image, and all referenced images to WeChat. Review HTML first, especially absolute local paths and remote image URLs, and keep the WeChat app secret out of repos, logs, screenshots, and shared shells.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium (91% confidence)
Finding:
The script automatically fetches arbitrary remote image URLs referenced in HTML, which gives the skill outbound network-fetch capability beyond simple publishing. This can be abused for SSRF-style access to internal services, cloud metadata endpoints, or other unintended hosts if an attacker can influence the HTML input.

Missing User Warnings

Medium (90% confidence)
Finding:
The README states that images are automatically uploaded to WeChat-hosted storage, but it does not clearly warn users that article assets and potentially sensitive content will be transmitted to an external third-party service. This can cause unintentional data disclosure, especially when users assume the tool only performs local HTML processing and are unaware that embedded content leaves their environment.

Missing User Warnings

Medium (96% confidence)
Finding:
The skill says images in HTML are 'automatically uploaded' but does not present this as a clear security/privacy warning, especially for remote URLs and absolute local paths. This can cause unintended exfiltration of local or third-party image content to WeChat when users publish HTML they did not fully audit.

Missing User Warnings

Low (88% confidence)
Finding:
The setup instructions tell users to export app credentials but do not warn that these secrets authenticate publication actions and must be protected. This increases the chance of unsafe handling, accidental disclosure in shell history, screenshots, or shared environments, which could enable unauthorized use of the associated WeChat account.

Missing User Warnings

Medium (84% confidence)
Finding:
The tool silently performs outbound requests for embedded remote images found in the HTML, which may surprise users and can leak network metadata or trigger requests to attacker-controlled infrastructure. In combination with untrusted HTML input, this broadens the attack surface beyond straightforward content upload.

VirusTotal

65/65 vendors flagged this skill as clean.
