Skill v0.1.0

ClawScan security

Murasame Feishu Voice · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious (Mar 19, 2026, 5:31 PM)

Verdict: suspicious
Confidence: high
Model: gpt-5-mini
Summary
The skill mostly does what it says (send Feishu voice bubbles from local audio files) but the package metadata omits required credentials/dependencies, it delegates to a missing external sender script, and it reads/writes hard-coded local paths — these inconsistencies warrant caution.
Guidance
Key things to consider before installing:

- Metadata mismatch: the registry lists no required env vars but the code needs FEISHU_APP_ID, FEISHU_APP_SECRET and FEISHU_RECEIVER. Confirm the author updates metadata and documents required secrets.
- Missing dependency: the script delegates voice sending to feishu-voice/scripts/send_voice_file.py, which is not included. Ask the author for that file and inspect it before running (it will execute asynchronously and could do anything if malicious).
- Hard-coded Windows paths: the workspace and audio path are fixed to C:\Users\chenxun\.nanobot\workspace. Verify or change these paths before use and ensure audio files exist and are trusted.
- Local file writes: the skill writes a state file and a debug file containing message text to the workspace. If you have privacy concerns, run in a sandbox or change the paths.
- Credentials safety: only provide your Feishu app credentials to this skill if you trust the code; consider using a limited-scope app/receiver and rotate credentials after testing.
- Operational check: request the missing sender script, confirm ffmpeg/ffprobe availability, and test in a controlled environment before enabling for real conversations.

Review Dimensions

Purpose & Capability
note: The skill's declared purpose (send Feishu voice bubbles using a Murasame voicepack) matches the behavior in the scripts: it selects local MP3s, sends text and uploads audio to Feishu APIs. Requiring Feishu credentials and a local audio path is expected. However, the registry metadata lists no required env vars or credentials while SKILL.md and the code do require FEISHU_APP_ID/FEISHU_APP_SECRET and FEISHU_RECEIVER; that mismatch is unexpected.
Instruction Scope
concern: SKILL.md and the code instruct the agent to read/write files in a hard-coded Windows workspace (C:\Users\chenxun\.nanobot\workspace), manage a state file, and write a debug text file containing message text. The main send operation is delegated to an external script (feishu-voice/scripts/send_voice_file.py) which is not included in the package; this delegation creates an opaque runtime dependency that could execute arbitrary behavior if present. Aside from Feishu endpoints (expected), there are no other network endpoints.
Install Mechanism
ok: There is no install spec (instruction-only + included scripts). Nothing is downloaded or installed by the skill itself. Code files are provided directly, so no external installer risk is present in the package, but the missing external sender script is an unresolved dependency.
Credentials
concern: The code requires FEISHU_APP_ID, FEISHU_APP_SECRET, and FEISHU_RECEIVER (and optionally MURASAME_VOICE), and references ffmpeg/ffprobe and a specific local audio path. The skill registry metadata, however, declares no required env vars/credentials, which is an incoherence. The required Feishu credentials are proportionate to the feature, but the metadata omission and hard-coded Windows paths reduce clarity and portability.
Persistence & Privilege
ok: The skill does not request always:true and does not modify other skills. It writes a local state file and a debug file under the workspace path and spawns an async subprocess to send voice. Those are limited, local effects and within the normal scope for this functionality.