ClawHub

Feishu Img Send

Security checks across malware telemetry and agentic risk

Overview

This skill does send images to Feishu as advertised, but it includes reusable Feishu app credentials and can upload local files and send messages through an app identity the user does not control.

Review before installing. Only use this if you understand that the selected local image will be uploaded to Feishu and sent to the provided recipient, and avoid sensitive files. Prefer a version that requires your own least-privilege Feishu credentials from environment variables, validates file paths and recipients, and asks for confirmation before sending.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium
Confidence
99% confidence
Finding
The script embeds a Feishu app_id and app_secret directly in source code, which exposes reusable credentials to anyone who can read the file, logs, or package contents. Because these credentials can obtain a tenant access token and act against Feishu APIs, this exceeds a simple image-sending helper and creates a real risk of unauthorized API use if the code is shared or deployed broadly.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill sends image files and recipient identifiers to Feishu over external API calls, but the description does not clearly warn users that their data leaves the local environment. This can lead to unintended disclosure of sensitive images, identifiers, and metadata, especially if users assume the tool operates only locally.

Missing User Warnings

High
Confidence
98% confidence
Finding
Using embedded Feishu credentials without any disclosure means the skill can authenticate to a third-party service transparently to the user. This undermines informed consent and makes it easier for operators or downstream users to unknowingly send data or messages through an account they do not control.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The function reads a local image file and uploads its contents to Feishu, which is an external data transfer of potentially sensitive user material. In an image-sending skill this behavior is expected, but without explicit disclosure or consent safeguards it still creates privacy and data-handling risk, especially if invoked indirectly by another agent.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends an image message to a Feishu recipient without any explicit warning, confirmation, or audit trail. Although sending messages is the core purpose of the skill, silent delivery to a user ID can still be abused for unintended communication, spam, or data leakage if the caller supplies the wrong recipient.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script embeds a Feishu app ID and app secret directly in source code and uses them to mint a tenant access token. Hardcoded secrets are dangerous because anyone with access to the skill can extract and reuse them to impersonate the application, send messages, upload content, and abuse the associated Feishu tenant until the credentials are rotated.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script uploads a local image and sends a message to a specified Feishu user over the network without any confirmation, disclosure, or policy guardrails. In an agent skill context, this creates a real data-exfiltration risk because arbitrary local files passed as the image path may be transmitted to an external service under valid credentials.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal