Back to skill

Security audit

飞书消息文件下载

Security checks across malware telemetry and agentic risk

Overview

This Feishu downloader mostly does what it says, but it needs Review because downloaded files can be written using unsanitized filenames that may escape the chosen folder or overwrite local files.

Install only if you trust the Feishu app credentials and the message sources. Use a dedicated low-risk download directory, pass a simple explicit filename when possible, avoid running it in sensitive working directories, and treat downloaded attachments as potentially sensitive corporate or personal data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The skill auto-loads Feishu credentials from environment variables and unrelated local OpenClaw config files, expanding its access beyond the explicit user-supplied download inputs. This creates an unnecessary secret-discovery capability: a user invoking a file download may not expect the tool to inspect local config stores and reuse stored credentials automatically.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README describes downloading message attachments from Feishu to local storage, but the warning language is limited to general privacy/compliance notes and does not clearly emphasize that attachments may contain sensitive corporate or personal data that will be persisted locally. In a messaging context, users may underestimate the risk of local retention, accidental redistribution, or insecure storage of downloaded files.

VirusTotal

67/67 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.