Feishu Notify

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends user-requested Feishu/Lark webhook messages, but users should protect webhook URLs and use confirmations for sensitive channels.

Install only if you are comfortable letting an agent post to the configured Feishu chats. Store webhook URLs with restricted permissions, do not commit them, rotate exposed URLs, and ask the agent to preview destination and message content before sending sensitive or important notifications.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 91%
Finding
The skill documentation describes file reads from a user config file and outbound network transmission to Feishu webhooks, but no declared permissions are present. This creates a permission-transparency gap: users and policy systems may not realize the skill can access local secrets and send data externally.

Vague Triggers

Medium
Confidence: 86%
Finding
The trigger example 'Notify the team about the meeting at 3 PM' is a broad natural-language phrase that could match ordinary conversation and activate the skill unintentionally. Because activation leads to external messaging behavior, accidental triggering could cause unintended disclosure or spam to real Feishu channels.

Missing User Warnings

High
Confidence: 98%
Finding
The skill explicitly states that the agent can call it autonomously and send messages without explicit confirmation, enabling external network actions based on model inference alone. This is dangerous because sensitive or mistaken user content could be transmitted to third-party Feishu webhooks without informed consent.

Ssd 3

Medium
Confidence: 97%
Finding
The documented workflow permits user-provided content to be transmitted to Feishu webhooks without explicit confirmation. In context, this is more dangerous because the skill's core purpose is exfiltrating content to external endpoints, so any prompt injection, misunderstanding, or accidental activation directly results in data leaving the system.

VirusTotal

66/66 vendors flagged this skill as clean.
