feishu paper manager

Security checks across malware telemetry and agentic risk

Overview

This is a coherent design-only skill for a Feishu paper-ingestion bot, with privacy and bulk-update risks that should be scoped before real deployment.

Before installing or using this to build a real bot, restrict the Feishu app to the intended paper-sharing chat, cloud-docs folder, and table; protect the OpenClaw handoff endpoint; avoid logging message excerpts, sender identifiers, and download URLs; and require review before taxonomy backfills rewrite many existing rows.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill explicitly instructs the bot/workflow to download message attachments, persist files into Feishu cloud docs, write metadata into a table, and post status messages, but it does not require any user-facing notice, consent gate, or data-handling disclosure before those side effects occur. Because inputs originate from chat messages and may contain private papers, copyrighted PDFs, personal metadata, or sensitive links, silent persistence and redistribution can create privacy, compliance, and data-retention risks.

Missing User Warnings

Medium
Confidence: 93%
Finding
The contract explicitly includes personal and tenant-scoped identifiers such as sender.user_id, sender.name, chat_id, message_link, and context.tenant_id in the normalized payload, but provides no guidance on data minimization, consent, retention, logging restrictions, or disclosure boundaries. In a paper-ingestion workflow, these fields can unnecessarily propagate identifiable workplace metadata into downstream systems, increasing privacy exposure and cross-system data leakage risk.

Missing User Warnings

Medium
Confidence: 89%
Finding
The documented workflow sends message-derived content to OpenClaw and uploads artifacts into Feishu cloud docs, but it does not require any user notice, consent boundary, or data-classification check before transmission. In a paper-ingestion bot, users may post copyrighted PDFs, private preprints, or sensitive message content, so silently forwarding and storing that data across services creates a real privacy and compliance risk rather than a purely documentation-level issue.

Missing User Warnings

Medium
Confidence: 84%
Finding
The threshold-triggered taxonomy review performs bulk backfills of historical rows without any requirement for confirmation, preview, audit logging, or rollback. Because tags and classification metadata are likely user-facing and searchable, automatic mass modification can corrupt records, break workflows that depend on stable labels, and cause integrity issues at scale if the review logic misclassifies content.

VirusTotal

56/56 vendors flagged this skill as clean.
