Lp3
Medium
- Category
- MCP Least Privilege
- Confidence
- 70% confidence
- Finding
- Without declared permissions the skill's intent is opaque and cannot be validated.
Feishu Group Thread Reply
Security checks across malware telemetry and agentic risk
Overview
This skill openly patches local OpenClaw Feishu files so group chat replies go into threads, with no evidence of hidden data access or exfiltration.
Before installing, confirm you want local OpenClaw Feishu behavior changed for all group replies. Run the check-only commands first, consider backing up the affected files on production systems, and only add the heartbeat auto-reapply steps if you want the patch restored after plugin updates.
SkillSpector
By NVIDIA
Vulnerability Patterns
- MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (1)
VirusTotal
64/64 vendors flagged this skill as clean.