Back to skill

Security audit

feishu-files

Security checks across malware telemetry and agentic risk

Overview

This skill is a small Feishu file-sending helper whose sensitive credential use is visible and aligned with its purpose.

Install only if you intend to let the agent send selected local files through your configured Feishu app. Confirm the file path and recipient open_id before running commands, keep the App Secret and tenant token confidential, avoid pasting them into logs or chat, and use the least Feishu permissions needed for media/message sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Low
Confidence
94% confidence
Finding
The skill’s stated purpose is to send files to Feishu, but the documented procedure also reads app credentials from a local configuration file and exchanges them for an access token. While this may be functionally related to using the Feishu API, it expands the skill’s privilege boundary and exposes sensitive credential-handling behavior that is not clearly disclosed in the manifest.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The instructions direct the agent to read Feishu app secrets from /root/.openclaw/openclaw.json, which is sensitive local configuration material. Having a skill pull secrets from disk based only on user intent to send a file creates a clear secret-access risk and can normalize overbroad access patterns that could be repurposed for credential theft or misuse.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill accesses app credentials and transmits them to Feishu’s token endpoint without any warning, consent flow, or discussion of how secrets are handled. Even if the destination is legitimate, silent handling of long-lived credentials increases the chance of accidental disclosure, misuse, or insecure reuse in logs, shell history, or downstream tools.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The README instructs users to obtain and use a Feishu App Secret but provides no guidance on secure handling, storage, or avoidance of accidental disclosure. In a skill that integrates with external messaging APIs, this can lead users to paste secrets into insecure locations, commit them to the skill directory, or expose them in logs, enabling unauthorized access to the Feishu app.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.