Back to skill

Security audit

feishu-sticker

Security checks across malware telemetry and agentic risk

Overview

This Feishu sticker skill mostly does what it says, but it can upload local files and send messages to an automatically inferred recipient without clear user confirmation.

Install only if you are comfortable giving it Feishu app credentials and allowing it to upload selected local files to Feishu. Always pass --target explicitly, avoid using it in workflows where untrusted prompts can choose file paths or recipients, and review the ../../memory token/image caches and shared recipient inference before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The skill goes beyond simple sticker upload/conversion by selecting a recipient from shared state and then sending a message automatically. That creates an ambient-authority problem: a caller can trigger outbound messaging to prior users/chats without explicitly supplying or confirming the target, which can misdirect messages and leak information or content to unintended recipients.

Context-Inappropriate Capability

Medium
Confidence
96% confidence
Finding
Reading shared context.json and menu_events.json to infer who should receive a message is not necessary for image conversion/upload and exposes cross-skill/session state for action selection. In an agent environment, this can cause data from previous interactions to influence current outbound actions, resulting in unauthorized or surprising sends to other users or chats.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The skill says it auto-uploads images to Feishu CDN, but it does not prominently warn users that local files are transmitted off-host to an external service. In this context, that omission is security-relevant because users may select sensitive local images assuming only local processing, leading to unintended disclosure of private content.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
If no target is provided, the script auto-detects one and proceeds directly to sendSticker without any warning, preview, or confirmation. This makes accidental or unauthorized message delivery much more likely, especially when running under automation where the resolved target may not be visible to the operator.

VirusTotal

No VirusTotal findings

View on VirusTotal