ClawHub

Feishu Print

Security checks across malware telemetry and agentic risk

Overview

The skill is mostly aligned with printing Feishu files, but it also exposes broad printer control and depends on unbundled Feishu helper code that users cannot review here.

Review this before installing if you use shared printers or handle sensitive Feishu documents. Install only if you trust the missing shared Feishu helper code, understand which Feishu chat/account it can access, set an explicit printer, avoid the cancel-all-printer-jobs command unless intentionally administering that printer, and periodically clean up downloaded files in ~/.openclaw/media/inbound.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
97% confidence
Finding
The skill is scoped as printing files uploaded to a Feishu group chat, but the documentation also instructs the agent to print arbitrary text content and perform printer administration tasks. This broadens the effective capability surface beyond the declared purpose, increasing the chance of misuse, unintended data exfiltration to printers, or abuse of local print resources.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
Canceling print jobs is an administrative and destructive capability that is not justified by a skill intended only to print Feishu-uploaded files. Exposing this action without strict scoping can let the agent disrupt other users' print jobs or interfere with shared printer operations.

Vague Triggers

Medium
Confidence
83% confidence
Finding
The manifest description includes broad trigger phrases such as "print the file from Feishu" and similar natural-language variants, which may cause over-invocation when user intent is ambiguous. In combination with the skill's expanded print capabilities, loose triggering raises the risk that the agent executes printing actions without sufficiently specific user authorization.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The markdown documents destructive print-job cancellation but provides no warning, ownership restriction, or confirmation step. This makes it more likely that an agent or user could terminate active jobs accidentally or maliciously in a shared printer environment.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal