Lead Processor

Security checks across malware telemetry and agentic risk

Overview

This lead-processing skill has a coherent business purpose, but it embeds Feishu credentials and can update Feishu tables and post lead data to a fixed group without clear user confirmation.

Review before installing. Remove and rotate the embedded Feishu secret, require credentials from secure environment configuration, verify the exact Feishu table and group recipients, restrict the Feishu app to least-privilege scopes, and add a dry-run or explicit confirmation step before updating records or sending reports.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (7)

Context-Inappropriate Capability

Medium, 99% confidence
The file contains hardcoded Feishu application credentials, including a default app secret, which can be reused by anyone with access to the code to obtain tenant access tokens and act against the associated Feishu tenant. Because the skill also includes data-read, data-write, and messaging functions, exposure of these credentials enables unauthorized API access, data tampering, and message sending.

Missing User Warnings

Medium, 94% confidence
The skill explicitly writes analysis results into Feishu tables and sends reports to a Feishu group, but provides no user-facing warning, confirmation gate, or disclosure boundary for that outbound data handling. Because the workflow also involves browsing customer websites and collecting structured lead details, this can cause unintended external sharing of scraped business data and analyst-generated summaries.

Natural-Language Policy Violations

Medium, 81% confidence
The skill forbids certain phrases and questions, forcing a communication style without user consent. While not directly a data-security flaw, it can suppress clarifying questions and make the agent less likely to seek approval before sensitive actions, increasing the chance of unsafe or opaque behavior.

Missing User Warnings

Medium, 95% confidence
The skill explicitly states it will read customer URLs, analyze customer websites, write results into Feishu tables, and send reports to a Feishu group, but it does not warn users that customer-derived data will be transmitted to external Feishu services. This creates a real transparency and data-handling risk because users may provide or process customer information without understanding where the analyzed data will be stored or shared.

Missing User Warnings

High, 99% confidence
The code embeds default Feishu app credentials directly in source and automatically transmits them to Feishu to obtain an access token. Hardcoded secrets are a real security issue because anyone with code access can extract and reuse them to access the associated Feishu tenant, and the fallback behavior means the skill may operate with live credentials even when no secure configuration is provided.

Ssd 3

Medium, 97% confidence
The skill embeds live-looking Feishu identifiers and a specific group destination, then instructs the agent to send analysis results there. This creates a direct natural-language path for exfiltrating collected data to an external collaboration channel, especially risky because the destination is preconfigured and the user is not asked to confirm recipients.

Ssd 3

Medium, 95% confidence
The required output includes detailed contact clues, evidence summaries, and business signals, and the workflow then writes and publishes those results to external Feishu systems. This combination encourages broad collection and onward disclosure of potentially sensitive or personal business information beyond what is strictly necessary for lead classification.

VirusTotal

66/66 vendors flagged this skill as clean.
