飞书协同任务读取

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed, read-only helper that formats a local OpenClaw task list for Feishu, with no evidence of network transfer, file mutation, or persistence.

Install only if you are comfortable with Feishu users who can invoke the skill seeing task names, schedules, skill names, and trigger phrases from USER.md. In shared chats, consider narrowing or removing generic triggers like 帮助 and ? and avoid storing secrets or private notes in USER.md.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Vague Triggers

Medium

Confidence: 91% confidence
Finding: The documented trigger phrases include very generic expressions such as help-like queries and broad task requests, which can easily overlap with normal conversation in Feishu. In a chat-integrated skill, this increases the chance of unintended activation, unexpected disclosure of task/skill inventory, or confusion when the agent responds to ordinary messages as commands.

Vague Triggers

Medium

Confidence: 96% confidence
Finding: The trigger phrase `帮助` / `?` is overly generic, especially `?`, which is common in normal conversation and support requests. This can cause the skill to activate unexpectedly and expose local `USER.md` task metadata in contexts where the user did not explicitly intend to query this skill.

Vague Triggers

Low

Confidence: 87% confidence
Finding: The phrase `有什么技能` is broad and plausibly appears in general assistant conversation, so it may collide with unrelated user requests. In this skill, unintended activation would cause the agent to read and summarize `~/.openclaw/workspace/USER.md`, leaking internal task and capability information beyond the user's specific intent.

Missing User Warnings

Low

Confidence: 87% confidence
Finding: The script reads a user-specific file from the home directory and returns its contents in formatted output without any explicit disclosure, consent check, or access control at the point of use. In this skill's context, USER.md appears to contain personal task and skill metadata, so exposing it on a trigger like '查看任务' can leak private workspace information to any party able to invoke the skill or view Feishu responses.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal