Feishu File Upload

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it uploads a user-chosen local file to Feishu and sends it to a chosen recipient, with no hidden persistence or unrelated behavior found.

Install only if you trust the Feishu app and tenant. Before each use, confirm the local file path, recipient ID/type, and whether the file is acceptable to upload to Feishu; use least-privilege Feishu permissions and rotate the app secret if it may have been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 82%
Finding: The skill performs sensitive actions requiring environment access and outbound network communication, but it does not declare explicit permissions for those capabilities. That weakens policy enforcement and review, making it easier for a seemingly simple skill to access local configuration and transmit data externally without clear user or platform scrutiny.

Vague Triggers

Medium
Confidence: 77%
Finding: The skill description advertises broad triggers around sending or sharing files, which can cause it to activate for common user language without sufficient confirmation of destination, file path, or sensitivity. In a file-upload skill, overly broad invocation increases the chance of unintended disclosure of local documents to external recipients.

Vague Triggers

Medium
Confidence: 85%
Finding: Examples like "send file," "upload file," and "share file" are highly generic and lack constraints about platform, recipient, or data sensitivity. Because this skill reads local files and transmits them to Feishu, ambiguous triggering materially raises the risk of accidental exfiltration of sensitive files.

Missing User Warnings

Medium
Confidence: 90%
Finding: The script is explicitly designed to upload arbitrary local files to an external SaaS platform, but the user-facing execution path does not present a clear warning, confirmation, or allowlist around exfiltrating local content. In an agent skill context, this is more dangerous because an LLM-driven tool may be invoked on sensitive local files without the operator fully appreciating that file contents will leave the host and be delivered to an external recipient.

VirusTotal

66/66 vendors flagged this skill as clean.
