Security audit

Feishu Bridge

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Feishu-to-Clawdbot bridge with sensitive but disclosed credential use and optional background startup.

Install only if you trust this machine and are comfortable letting the configured Feishu bot send chat text to your local Clawdbot agent and post replies back. Protect the Feishu secret and Clawdbot config, restrict the bot to intended chats, review the group-response rules, and unload the LaunchAgent when you do not want the bridge running.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Rogue AgentSelf-Modification, Session Persistence
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access

Findings (6)

Vague Triggers

Medium

Confidence: 88% confidence
Finding: The documented group-chat trigger rules are broad enough to cause unintended bot activation on ordinary messages, which can lead to unnecessary processing, noisy responses, and accidental forwarding of group content to the local Clawdbot/Gateway path. In a chat-bridge context, overbroad triggers increase privacy and operational risk because messages not clearly intended for the bot may still be transmitted and logged.

Missing User Warnings

Medium

Confidence: 81% confidence
Finding: The README explains that messages flow through Feishu cloud, the local bridge, and Clawdbot Gateway, but it does not explicitly warn users that message contents may traverse third-party infrastructure and may also be stored in local logs. This omission can cause operators to deploy the bridge without understanding confidentiality, retention, and compliance implications for sensitive chat data.

Session Persistence

Medium

Category: Rogue Agent
Content: ```bash FEISHU_APP_ID=cli_xxx node setup-service.mjs launchctl load ~/Library/LaunchAgents/com.clawdbot.feishu-bridge.plist ``` ## Diagnostics
Confidence: 86% confidence
Finding: launchctl load

Session Persistence

Medium

Category: Rogue Agent
Content: ```bash FEISHU_APP_ID=cli_xxx node setup-service.mjs launchctl load ~/Library/LaunchAgents/com.clawdbot.feishu-bridge.plist ``` ## Diagnostics
Confidence: 86% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: // Ensure logs dir fs.mkdirSync(`${HOME}/.clawdbot/logs`, { recursive: true }); const outPath = path.join(HOME, 'Library', 'LaunchAgents', `${LABEL}.plist`); fs.mkdirSync(path.dirname(outPath), { recursive: true }); fs.writeFileSync(outPath, plist); console.log(`✅ Wrote: ${outPath}`);
Confidence: 81% confidence
Finding: plist

Session Persistence

Medium

Category: Rogue Agent
Content: const outPath = path.join(HOME, 'Library', 'LaunchAgents', `${LABEL}.plist`); fs.mkdirSync(path.dirname(outPath), { recursive: true }); fs.writeFileSync(outPath, plist); console.log(`✅ Wrote: ${outPath}`); console.log(); console.log('To start the service:');
Confidence: 81% confidence
Finding: plist

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.