feishu-agents

Security checks across malware telemetry and agentic risk

Overview

This skill performs a real Feishu-to-Agent setup, but it asks for sensitive credentials and changes Gateway configuration without enough safeguards.

Install only if you administer the target OpenClaw Gateway and intend to bind a Feishu app. Do not paste real App Secrets into shared chat; back up the existing config, verify the target agent, use least-privilege Feishu credentials, and explicitly approve any config write or Gateway restart.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium (90% confidence)
Finding
The skill is designed to write user-supplied Feishu credentials into local configuration and restart the Gateway, but it does not clearly warn that this modifies persistent system state and causes a service restart. In an agent setting, hidden state changes and restarts can disrupt running services, apply attacker-supplied credentials, and create unintended operational or security consequences.

Missing User Warnings

Medium (95% confidence)
Finding
The skill asks users to provide an App Secret without warning that it is a sensitive credential or describing how it will be handled, stored, or protected. This increases the chance that secrets are exposed in chat history, logs, command history, or configuration files, enabling credential theft and unauthorized access to the Feishu integration.

Ssd 3

Medium (97% confidence)
Finding
The skill explicitly instructs the agent to collect user-supplied App Secret credentials and use them for automated configuration, which creates a direct secret-handling path through the agent. This is dangerous because an agent may expose the secret through prompts, memory, logs, config files, or downstream tooling, and the subsequent automated binding and restart amplify the effect of malicious or mistaken input.

VirusTotal

66/66 vendors flagged this skill as clean.
