Back to skill

Security audit

Feishu Image

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims, but it sends images to Feishu using app credentials and has under-scoped URL and credential handling that should be reviewed before install.

Review before installing. Use only with images and Feishu recipients you intend to share externally, avoid --url for untrusted or internal URLs, and provide least-privilege Feishu credentials scoped specifically for this skill.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Medium
Confidence
90% confidence
Finding
The script accepts an arbitrary user-supplied URL and downloads it over HTTP or HTTPS with no allowlist, content-type validation, size limits, timeout handling, or redirect/IP restrictions. This creates an SSRF-style primitive and can be abused to access internal services, fetch unexpected content, or cause resource exhaustion before the file is uploaded onward to Feishu.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README describes uploading and sending a local image to Feishu but does not clearly warn users that the specified file and recipient identifier are transmitted to an external third-party service. This can lead to unintended disclosure of sensitive local files or metadata, especially if users assume the skill operates only locally or do not realize the privacy implications.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly supports a `--url` parameter and states it will automatically download and send a network image, but it does not warn users that invoking the skill causes an outbound network fetch. This can mislead users about the skill's behavior and creates SSRF-style risk, unintended access to internal resources, or exfiltration via fetching attacker-controlled URLs in environments with privileged network access.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The configuration section lists `FEISHU_APP_ID` and `FEISHU_APP_SECRET` but does not disclose that the skill uses these credentials to authenticate to Feishu and send content to external recipients. This omission reduces transparency around secret usage and outbound messaging, increasing the chance of unintended data transfer or misuse in environments where operators may not expect external delivery.

Missing User Warnings

Medium
Confidence
82% confidence
Finding
The skill silently loads secrets from a shared ../../.env file, pulling credentials from outside the skill boundary without any disclosure or explicit user consent. In a shared agent environment, this can give the script access to broader credentials than expected and makes security review and least-privilege scoping harder.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal