Feishu Voice Skill

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it turns text into audio with NoizAI and sends it as a Feishu voice message, with normal credential and privacy risks for that workflow.

Install only if you intend to let the assistant send real voice messages to a specific Feishu chat. Use least-privileged Feishu bot credentials, keep FEISHU_APP_SECRET and NOIZ_API_KEY out of files and logs, verify the chat ID before sending, avoid sensitive or regulated text unless the providers are approved, and add the cron example only if recurring automated messages are desired.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The README instructs users to configure Feishu and NoizAI credentials and send synthesized voice through third-party APIs, but it does not warn that message content and secrets are transmitted to external services. This can mislead users into sending sensitive text or mishandling API keys without understanding the privacy and security implications.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The documentation tells users to configure Feishu and NoizAI credentials and send arbitrary text for TTS, but it does not clearly disclose that message content, chat identifiers, and related metadata will be transmitted to external services. This can lead to inadvertent disclosure of sensitive or personal information, especially if users assume the processing is local.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal