Back to skill
Skillv1.1.1
VirusTotal security
Feishu Media · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 25, 2026, 3:21 PM
- Hash
- 8a025ac81c428f26e09e76f85ad0831a49b7ed87d44973d700bce88835d3a2e7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: feishu-media-new Version: 1.1.1 The skill instructions in SKILL.md direct the AI agent to perform high-risk operations, including executing shell commands via 'exec' for curl, ffmpeg, and compression tools (zip/tar). Specifically, it provides templates for the agent to handle sensitive Feishu credentials (appId and app_secret) and construct shell-based API calls to 'open.feishu.cn'. While these actions are aligned with the stated purpose of sending media to Feishu, the pattern of using raw shell execution instead of structured tools creates a significant surface for shell injection vulnerabilities if the agent processes unsanitized input.
- External report
- View on VirusTotal