Back to skill

Security audit

添加飞书机器人

Security checks across malware telemetry and agentic risk

Overview

This skill appears purpose-built for managing OpenClaw Feishu agents, but it handles credentials and persistent admin changes in a way users should review carefully before installing.

Install only if you intend this skill to have administrative control over OpenClaw agent configuration under /home/admin. Do not paste real Feishu App Secrets into shared chat or shell history; prefer adapting the script to read secrets from a protected environment variable, masked prompt, or secrets manager, and verify openclaw.json permissions. Review the hardcoded Feishu group binding before use, and back up OpenClaw configuration and workspaces before creating or deleting agents.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Medium
Confidence
88% confidence
Finding
The trigger condition is broad enough to match common user requests about creating, deleting, or listing agents, which increases the chance of unintended activation for a skill that performs administrative actions. In this context, accidental invocation is risky because the documented actions can modify configuration, create service identities, or remove existing agents.

Missing User Warnings

High
Confidence
97% confidence
Finding
The documentation instructs users to pass the App Secret directly on the command line and includes examples showing a secret value inline. Command-line secrets are commonly exposed through shell history, process listings, logs, and agent transcripts, making credential leakage likely in real deployments.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The skill documents destructive and service-affecting operations such as deleting agents and restarting the gateway without requiring safety prompts, confirmation steps, or rollback guidance. In an agent-admin skill, this increases the risk of accidental deletion, service disruption, and configuration mistakes that affect all users of the system.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The script accepts an app secret on the command line and persists it into a JSON config file, exposing sensitive credentials in two ways: command-line arguments may be visible via process listings or shell history, and the stored secret may be readable by other local users or backups if file permissions are weak. In this context, those credentials enable integration with Feishu, so compromise could allow unauthorized API access or impersonation of the agent's service account.

Ssd 3

Medium
Confidence
93% confidence
Finding
The example commands embed an application secret directly in sample usage, which can normalize unsafe credential practices and cause operators or downstream agents to copy, repeat, or store secrets in plaintext. In an LLM-driven environment, exposed examples are especially risky because they may be echoed in responses, logs, or generated commands.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.