Feishu Enterprise Intelligence Hub (飞书企业智能中枢)

Security checks across malware telemetry and agentic risk

Overview

This skill has no executable payload, but it asks for broad enterprise automation across sensitive Feishu data without clear limits or consent controls.

Review before installing. Use only where Feishu administrators have approved the data sources, automation scope, third-party integrations, and recurring monitoring or reporting behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Intent-Code Divergence

Medium
Confidence: 90%
Finding
The skill claims that all data remains within the Feishu enterprise space, yet elsewhere it advertises third-party system integrations and external industry intelligence. This creates a misleading security representation that can cause users to authorize processing under false assumptions, increasing the risk of unintended external data disclosure or compliance violations.

Vague Triggers

Medium
Confidence: 82%
Finding
The skill is described as a broad enterprise intelligence hub with capabilities spanning messages, calendars, approvals, documents, and dashboards, but it does not define clear activation scope or trigger constraints. Without explicit boundaries, an agent could over-collect or act on enterprise content too broadly, leading to excessive access, unintended automation, or privacy-impacting behavior.

Missing User Warnings

Medium
Confidence: 88%
Finding
The skill advertises automated monitoring of messages, document generation, approval processing, and enterprise analytics without prominent user warnings or consent language. In an enterprise context, these features can process sensitive employee, customer, financial, or operational data, so the absence of such warnings materially increases the risk of covert surveillance, unexpected data use, and regulatory noncompliance.

VirusTotal

64/64 vendors flagged this skill as clean.
