ClawHub

Feishu Common

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Feishu API helper that uses expected Feishu credentials and token caching, with no evidence of hidden exfiltration or destructive behavior.

Install this only for Feishu-related skills you trust. Keep the shared .env file and memory directory private, treat the cached tenant token as sensitive, and avoid using dependent skills that pass non-Feishu URLs into the authenticated request helper.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The skill explicitly loads Feishu application credentials from a shared ../../.env file, giving this module access to secrets outside its own directory without any in-file justification or scope restriction. In an agent-skill setting, shared secret access increases the blast radius if the skill is misused or compromised, and it violates least-privilege expectations.

Context-Inappropriate Capability

Medium
Confidence
88% confidence
Finding
This code performs authenticated outbound requests using a bearer token and exposes a generic fetchWithAuth(url, options) wrapper that can send requests to arbitrary URLs provided by callers. In a skill context with no stated purpose or destination allowlist, this creates a capability for unauthorized external communication and misuse of the Feishu token against unintended endpoints.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The code sends app_id and app_secret to the Feishu token endpoint to obtain a tenant access token, but there is no user-facing disclosure, consent boundary, or visible audit control in this file. While transmitting credentials to the legitimate service is expected for OAuth-style flows, doing so silently inside a reusable skill increases risk in environments where users may not expect the skill to access external secrets and services.

VirusTotal

No VirusTotal findings

View on VirusTotal