feishu-image-sender

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises by sending screenshots or local images to Feishu, but it handles sensitive screen and file data with too little confirmation, scoping, and cleanup.

Install only if you are comfortable with screenshots and selected local images being copied locally and uploaded to Feishu. Before use, confirm the destination account/chat, review or crop screenshots first, avoid full-screen captures when secrets may be visible, and prefer a version that prompts before sending, uses temporary files and cleans them up, and passes the image path to the child interpreter as an argument instead of interpolating it into the python -c source string (where a quote in the path turns into code).

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (10)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
shutil.copy2(image_path, workspace_path)

# Send to Feishu
result = subprocess.run([
    sys.executable, "-c",
    f"from message import message; message(action='send', media='{workspace_path}')"
], capture_output=True, text=True)
Confidence
95% confidence
Finding
result = subprocess.run([ sys.executable, "-c", f"from message import message; message(action='send', media='{workspace_path}')" ], capture_output=True, text=T

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README explicitly promotes taking full-screen, region, and local image captures and sending them to Feishu, but provides no warning that screenshots may contain secrets, personal data, internal documents, or other sensitive information. In an agent skill context, this omission increases the chance of unintentional exfiltration because users may trigger the workflow through natural-language commands without appreciating that captured content is being transmitted off-host.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill is explicitly designed to capture screenshots and send local images to Feishu, which is a data exfiltration pathway. Failing to warn users up front that screenshots and files may contain sensitive information and will be transmitted off-host increases the risk of accidental disclosure of credentials, customer data, internal documents, or other sensitive screen contents.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The automated workflow performs three sensitive actions in sequence: screen capture, file copying into a managed workspace, and outbound transmission to Feishu. Presenting this as a normal one-step flow without an explicit warning or consent checkpoint makes accidental exfiltration much more likely, especially because screenshots can capture secrets from unrelated applications, notifications, or remote sessions.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The local-image send flow accepts an arbitrary image path, copies it into the workspace, and sends it to Feishu without warning about external transmission or persistence in the workspace. This is dangerous because users may unintentionally send sensitive local files or assume the copy is transient when the artifact remains in a known directory.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script silently copies the supplied image into a fixed workspace path under /Users/bornforthis/.openclaw/workspace before sending it. This creates an undisclosed local data persistence risk: sensitive images may remain on disk in a predictable location, exposing them to other local processes, backups, or later unintended disclosure, especially because the skill context handles user-supplied media.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill captures screenshots and copies user-selected local images into `/Users/bornforthis/.openclaw/workspace`, then transmits them to Feishu, but the top-level description does not clearly warn users that sensitive local content will be copied and exfiltrated to an external messaging platform. In this context, the omission is security-relevant because screenshots and arbitrary local images commonly contain credentials, personal data, internal documents, or other sensitive information.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The script captures a user-selected screenshot and then immediately processes and sends it to Feishu, but it does not present a clear, explicit warning that the captured content will be transmitted off-host. Because screenshots can contain sensitive information such as credentials, internal documents, or personal data, the lack of a transmission/privacy notice increases the risk of unintentional data disclosure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script captures the entire screen and passes the image to downstream processing that is described as sending it to Feishu, but it provides no explicit consent prompt, preview, redaction step, or warning about sensitive visible content. In an agent/automation context, this increases the risk of unintentionally exfiltrating passwords, internal documents, chats, tokens, or personal data from the user's screen.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The function copies arbitrary image files into a fixed workspace directory and transmits them to Feishu automatically, with no explicit consent, confirmation, or destination validation. This creates a real data exfiltration/privacy risk, especially because local files supplied by the caller are moved into a shared fixed location and then sent out of the local environment.
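The first finding (the path interpolated into python -c source) and the workspace-persistence findings above, worked through as an added example. This is not code from the skill or from SkillSpector: the send() stub stands in for the skill's message() function and only echoes the path it receives, HOSTILE_NAME is a constructed file name, and nothing is sent to Feishu.

```python
import os
import shutil
import subprocess
import sys
import tempfile

# Child-side stand-in for the skill's `from message import message; message(action='send',
# media=...)` call. Assumption for this example: it only echoes the media path it received,
# so the output shows exactly what the child interpreter parsed as the argument.
SEND_STUB = "def send(media):\n    print('SEND:' + media)\n"

# Constructed hostile file name. The single quote closes the media='...' literal in the
# interpolated source; the remainder is parsed as further Python statements.
HOSTILE_NAME = "pic'); print('INJECTED'); ('.png"


def vulnerable_send(workspace_path):
    """Mirrors the flagged code: the path is pasted into Python source handed to -c.
    A quote (or, on Windows, a backslash) in the path changes the program, not just the data."""
    code = SEND_STUB + f"send(media='{workspace_path}')"
    result = subprocess.run([sys.executable, "-c", code],
                            capture_output=True, text=True)
    return result.stdout


def hardened_send(workspace_path):
    """The path travels as its own argv element and the child reads sys.argv[1].
    No quoting is involved, so a file name cannot become code."""
    code = "import sys\n" + SEND_STUB + "send(media=sys.argv[1])"
    result = subprocess.run([sys.executable, "-c", code, workspace_path],
                            capture_output=True, text=True, check=True)
    return result.stdout


def send_via_tempdir(image_path):
    """Copy into a private temporary directory instead of a fixed workspace path,
    send from there, and let the context manager delete the copy afterwards.
    Returns (child stdout, path of the temporary copy) so the cleanup can be checked."""
    with tempfile.TemporaryDirectory(prefix="feishu-send-") as tmp:
        copy_path = os.path.join(tmp, os.path.basename(image_path))
        shutil.copy2(image_path, copy_path)
        out = hardened_send(copy_path)
    return out, copy_path


def demo():
    """Run the three variants against a constructed sample file and return the results."""
    with tempfile.TemporaryDirectory() as src_dir:
        src = os.path.join(src_dir, HOSTILE_NAME)
        with open(src, "wb") as f:
            f.write(b"\x89PNG\r\n\x1a\n")  # constructed PNG header stub, not a real image
        vulnerable_out = vulnerable_send(src)
        hardened_out = hardened_send(src)
        tempdir_out, copy_path = send_via_tempdir(src)
    return {
        "vulnerable_stdout": vulnerable_out,   # two lines: truncated path, then INJECTED
        "hardened_stdout": hardened_out,       # one line: the full hostile name as data
        "tempdir_stdout": tempdir_out,
        "copy_path": copy_path,
        "copy_removed": not os.path.exists(copy_path),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The vulnerable variant prints the media path cut off at the quote and then the injected statement's output; the argv variant prints the whole file name as a single argument, and the temporary copy is gone by the time send_via_tempdir returns. Real image paths are usually benign, which is why the interpolation goes unnoticed, but the skill accepts arbitrary user-supplied paths, so the file name is attacker-influenced input.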

VirusTotal

64/64 vendors flagged this skill as clean.
