
Security checks across malware telemetry and agentic risk

Overview

This skill appears to be a Feishu content-management helper, but it asks users to share sensitive Feishu credentials in chat and has a confusing Notion-versus-Feishu identity mismatch.

Review carefully before installing. Use it only if you intend to connect Feishu, not Notion. Create a dedicated low-privilege Feishu app and test table, avoid pasting long-lived App Secrets into chat when a secure configuration path is available, rotate any secret already shared this way, and confirm target records before allowing generated topics or metrics updates to be written.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (10)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The document markets one skill identity ('飞书内容管理中枢' using Feishu) but the installation command and URL point to a differently named Notion skill. This mismatch can cause users or automated tooling to install the wrong package, creating a supply-chain style risk where a user grants permissions or executes a skill they did not intend to trust.

Vague Triggers

Medium
Confidence
92% confidence
Finding
The trigger list is broad enough to match many ordinary planning or content-related requests, which can cause the skill to activate when the user did not intend to use it. In this skill, unintended activation is more risky because the skill may then solicit Feishu credentials or perform external API calls and record operations tied to user content workflows.

Missing User Warnings

High
Confidence
98% confidence
Finding
The setup flow instructs users to paste App ID, App Secret, and the Bitable URL directly into the chat session, which exposes secrets in conversational context and increases the chance of accidental disclosure, logging, or reuse by other tools in the session. Because these credentials authorize Feishu API access, compromise could allow unauthorized reading or modification of the user's content database.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill sends requests to multiple third-party hot-list endpoints without explicit user-facing disclosure or consent, which creates a data-sharing and supply-chain risk. Even if only topic queries are sent, the skill's behavior depends on external unaffiliated services that may be unreliable, privacy-invasive, or maliciously modified, and the returned content can influence downstream recommendations and stored records.

Missing User Warnings

High
Confidence
98% confidence
Finding
The document explicitly instructs users to paste a Feishu App Secret and base link into a chat with the AI assistant. This creates a direct sensitive-secret disclosure path through natural-language interaction, exposing long-lived credentials to the model interface, logs, plugins, operators, or downstream systems beyond the user's intended trust boundary.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The document explicitly states that generated topics can be written directly into Feishu Bitable, but it does not mention any confirmation step, preview, dry-run mode, or warning that the skill will modify user-owned data. In an agent skill context, silent write operations against productivity data stores are risky because incorrect prompts, bad API data, or prompt injection through external content could cause unwanted record creation or corruption.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The suggested trigger phrases are broad, ordinary-language questions without clear activation boundaries. In an agent environment, this can cause unintended invocation during normal conversation, leading the skill to access external APIs or write to connected systems when the user may only be asking generally about tools or workflows.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The example commands describe natural conversation like updating metrics or generating monthly reviews, but they do not specify guardrails, confirmation steps, or excluded contexts. Because the skill can write records and read all Feishu data, ambiguous activation increases the chance of accidental data modification or overbroad data access from casual user utterances.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill instructs users to paste a Feishu App ID and especially the App Secret directly into OpenClaw chat text, which encourages unsafe handling of credentials. Secrets entered into conversational interfaces may be logged, retained, exposed to other tools or operators, or reused outside the user's intended scope, making compromise of the Feishu integration more likely.

Ssd 3

High
Confidence
99% confidence
Finding
This is a true sensitive-data handling issue because the skill workflow normalizes sending a privileged API secret to an AI assistant in plain conversation. In the context of an agent skill, this is more dangerous than ordinary documentation error because the assistant may retain, transmit, or misuse the credential to access and modify the user's Feishu data store.

VirusTotal

65/65 vendors flagged this skill as clean.
