ClawHub

Feishu Agent

Security checks across malware telemetry and agentic risk

Overview

Feishu Agent is a disclosed Feishu/Lark integration that handles sensitive tokens and can modify calendar or todo data, but those capabilities match its stated purpose.

Install only if you trust the external @teamclaw/feishu-agent package and are authorized to connect it to your Feishu workspace. Use least-privilege app permissions, keep ~/.feishu-agent/config.json private with user-only filesystem permissions, avoid shared machines or synced backups for that file, rotate tokens if exposed, and require explicit review before an assistant deletes calendar events or changes todos.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The README explicitly documents storing the Feishu app secret, user access token, and refresh token in a global plaintext config file under the user's home directory. This increases the risk of credential exposure through weak filesystem permissions, backups, shared accounts, malware, or accidental disclosure, and the documentation provides no warning about the sensitivity of these secrets or safer storage options.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The skill explicitly documents storing an app secret, user access token, and refresh token in a local plaintext-style config file under the user's home directory, but does not warn about secret handling, file permissions, or use of a secure credential store. In an agent context, these credentials enable access to calendars, contacts, and todo data, so compromise of the file could expose sensitive organizational information and permit unauthorized actions.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal