Lark (Feishu) Voice
Security checks across malware telemetry and agentic risk
Overview
This is a simple, disclosed skill for turning text into a Lark voice message, with expected cautions around sending messages and temporary audio files.
Install this if you want the agent to create and send Lark voice messages. Confirm the recipient and spoken content before sending, use a trusted TTS source when prompted, and avoid highly sensitive text unless you are comfortable with generated audio being stored temporarily under /tmp/openclaw/.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
54/54 vendors flagged this skill as clean.