Feishu Send

Security checks across malware telemetry and agentic risk

Overview

This skill is a Feishu media-sending helper that openly uploads selected local files using local Feishu app credentials, with no hidden installer or background behavior found.

Install only if you want an agent to upload selected local files or media to Feishu. Treat Feishu app credentials as secrets, use a least-privileged app/account, set AGENT_NAME deliberately, and verify every file path and chat or user ID before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (8)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill is explicitly designed to transmit local images, files, and audio to Feishu, but it does not warn users that selected local data will leave the host and be sent to a third-party service. In an agent setting, this increases the risk of accidental exfiltration of sensitive screenshots, documents, or recordings because operators may not realize the privacy and data-handling implications.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill instructs reading Feishu app credentials from a local config file and using them directly in API requests, but provides no warning that these are sensitive secrets that can grant messaging capability. This normalization of secret access, combined with fallback behavior, can lead to unintended use of privileged credentials and broader-than-expected access.

External Transmission

Medium
Category
Data Exfiltration
Content
---
name: feishu-send
description: 飞书发送图片/文件/语音。用 curl 调用飞书 API 发送,比 message 工具更可靠。用于需要发送图片、文件、语音到飞书时触发。
---

# Feishu Send
Confidence
94% confidence
Finding
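curl calls to the Feishu API for sending, more reliable than the message tool. Triggered when images, files, or voice need to be sent to Feishu. --- # Feishu Send Use exec + curl to call the Feishu API to send images, files, and voice. ## Credential lookup rules ``` Read first: the account config matching the current agent's name Fallback: if it cannot be read, use the main account ``` The agent name is injected through an environment variable at call time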

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 2: Get the token

```bash
TOKEN=$(curl -s -X POST 'https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal' \
  -H 'Content-Type: application/json' \
  -d "{\"app_id\":\"$APP_ID\",\"app_secret\":\"$APP_SECRET\"}" \
  | python3 -c "import json,sys; print(json.load(sys.stdin)['tenant_access_token'])")
```
Confidence
92% confidence
Finding
curl -s -X POST 'https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal' \ -H 'Content-Type: application/json' \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Send to a group chat
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"$CHAT_ID\",\"msg_type\":\"image\",\"content\":\"{\\\"image_key\\\":\\\"$IMAGE_KEY\\\"}\"}"
```
Confidence
94% confidence
Finding
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d "{\"receive_id\":\"$CHAT_

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 4: Send a file message

```bash
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"$CHAT_ID\",\"msg_type\":\"file\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\"}\"}"
```
Confidence
95% confidence
Finding
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
### Step 4: Send voice

```bash
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"$CHAT_ID\",\"msg_type\":\"audio\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\",\\\"duration\\\":$DURATION}\"}"
```
Confidence
92% confidence
Finding
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d "{\"receive_id\":\"$CHAT_

External Transmission

Medium
Category
Data Exfiltration
Content
```bash
# Step 4: Send
CHAT_ID="oc_87d0d49f1f81f9e1b8dd1d5ad5f9ec72"
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"$CHAT_ID\",\"msg_type\":\"image\",\"content\":\"{\\\"image_key\\\":\\\"$IMAGE_KEY\\\"}\"}"
```
Confidence
91% confidence
Finding
curl -s -X POST 'https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id' \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

VirusTotal

66/66 vendors flagged this skill as clean.
