ClawHub

Feishu

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed Feishu workplace assistant with broad but purpose-aligned access, read-only defaults, confirmation gates, and no executable install code.

Install only with a dedicated least-privilege Feishu app, keep counselor/read-only mode unless execution is needed, and review any drafted messages, approval actions, calendar changes, or table edits before confirming. Consider using explicit Feishu-scoped requests to avoid accidental activation from ordinary workplace phrases.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrase at line 36 ("会议纪要") is broad and can be invoked by ordinary workplace requests without clear intent to activate the skill. In a collaboration tool that processes messages, approvals, and documents, broad activation increases the chance of unintended handling of sensitive enterprise data or unexpected execution in the wrong context.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger phrase at line 37 ("周报生成") is vague and does not define what source data, user role, or Feishu context should be used. Because this skill is positioned as a high-authority workplace coordination layer with tiered execution and message intelligence, ambiguous activation could cause the agent to gather or summarize data from unintended sources.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The example invocations use natural-language phrases like project follow-up, approval chasing, weekly report drafting, and document lookup that are likely to overlap with ordinary user requests. In an instruction-only orchestrator with read/write Feishu capabilities, ambiguous triggering can cause the skill to activate unintentionally and access enterprise data or draft/prepare actions the user did not mean to delegate.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal