Feishu IM Read

Security checks across malware telemetry and agentic risk

Overview

This is an instruction-only Feishu message-reading skill with sensitive but disclosed capabilities, so users should keep its use narrowly scoped.

Install only if you want an agent to use your Feishu authorization to read chats and fetch message resources. When using it, specify the exact chat, person, keyword, date range, and whether attachments or thread replies should be included.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium, 86% confidence
Finding
The trigger conditions include broad everyday terms such as "聊天记录", "消息", and "图片", which can cause the skill to activate in contexts where the user did not explicitly intend to read Feishu messages or download message resources. Because this skill can access historical chats, search across conversations, and fetch attached files under the user's identity, accidental invocation increases the risk of unintended exposure of sensitive communications and files.

Missing User Warnings

Medium, 91% confidence
Finding
The skill documentation describes reading chat history, cross-chat search, and downloading message resources, but it does not instruct the agent to surface privacy/security warnings or obtain clear user confirmation before performing these actions. In this context, the absence of explicit consent and risk signaling is dangerous because the skill operates with the user's privileges and can expose private conversations, attachments, and data from multiple chats.

VirusTotal

63/63 vendors flagged this skill as clean.
