Lark / Feishu Skill via OpenAPI MCP servers (300+ tools)

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Lark/Feishu MCP integration, but it gives broad workspace access and persists sensitive MCP URLs with limited safety guidance.

Install only if you intend to let the agent operate against Lark/Feishu workspace data. Use narrowly scoped MCP service URLs, treat `LARK_MCP_SERVERS` like a secret, keep `.env` out of version control, and require manual confirmation before sending messages, editing documents, or changing tasks/calendars.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence: 90%
Finding
The skill explicitly instructs the agent to solicit MCP server URLs from the user and persist them into a workspace `.env` file. That expands the skill from using existing configuration to handling and storing potentially sensitive connection material locally, which can expose secrets to source control, other tools in the workspace, or later unintended reads.

Vague Triggers

Medium
Confidence: 74%
Finding
The skill description grants very broad authority over high-impact Lark resources including user data, chats, emails, documents, tasks, and calendars without clear scope limits or invocation guardrails. In practice, such breadth increases the chance of overbroad use, unsafe tool selection, or accidental access/modification of sensitive enterprise data when the skill is invoked.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill tells the agent to update `.env` with user-provided configuration but does not warn that this modifies workspace files or that MCP service URLs may be sensitive. This can lead to silent persistence of credentials or sensitive endpoints in locations that may be committed, shared, or accessed by unrelated processes.

VirusTotal

65/65 vendors flagged this skill as clean.
