Feishu Group Learning Analysis (飞书群学习分析)

Security checks across malware telemetry and agentic risk

Overview

This Feishu chat analysis skill has a plausible purpose, but it embeds reusable Feishu credentials and fixed chat targets while under-disclosing message access and local storage.

Review before installing. Only use this after replacing and rotating the embedded Feishu credentials, confirming the intended chat IDs, getting appropriate workspace and group consent, and deciding whether local memory/log retention and temporary raw message files are acceptable.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (6)

Lp3

Medium
Category: MCP Least Privilege
Confidence: 85%
Finding
The skill advertises only high-level functionality in SKILL.md while the analyzed implementation reportedly has capabilities for file read/write, network access, and shell execution without any declared permission model. That gap is dangerous because users and reviewers cannot accurately assess the trust boundary, and these capabilities are sufficient to access chat data, persist sensitive outputs, and invoke arbitrary local commands.

Tp4

High
Category: MCP Tool Poisoning
Confidence: 95%
Finding
This is a substantial description-behavior mismatch: the implementation reportedly uses hardcoded Feishu credentials, reads group messages, and writes persistent data locally, while the documentation presents a benign learning-analysis workflow and overstates features like automatic scheduling and recommendation generation. Hidden credential use and undisclosed data collection/storage materially increase risk because users may install the skill without understanding that it accesses external services and persists potentially sensitive chat content.

Context-Inappropriate Capability

High
Confidence: 99%
Finding
The script contains a hard-coded Feishu app ID and app secret and immediately uses them to obtain a tenant access token. Embedding live credentials in distributable code is a real secret-exposure vulnerability because anyone with file access can reuse them to access Feishu APIs within the app's granted scope, and the skill's stated purpose does not justify shipping reusable secrets in plaintext.

Missing User Warnings

Medium
Confidence: 90%
Finding
The README explicitly advertises automatic monitoring of Feishu group messages and periodic analysis, but it does not mention consent, privacy expectations, data retention, or how message content is handled. For a skill that processes group communications, this omission can lead to deployment in ways that violate user expectations, internal policy, or regulatory requirements, increasing the risk of unauthorized surveillance or mishandling of sensitive data.

Missing User Warnings

Medium
Confidence: 88%
Finding
Automatic monitoring and analysis of Feishu group messages inherently involves sensitive interpersonal and potentially business data, yet the skill description provides no privacy warning, consent model, or retention disclosure. In this context, the omission is dangerous because the skill targets multi-group monitoring on a recurring basis, which can normalize covert surveillance and unauthorized processing of chat content.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill pulls potentially sensitive Feishu group content and writes derived analysis into a persistent local memory file without any consent, notice, minimization, or retention controls. In a multi-user or shared-host environment, this can expose private group activity and create an unnecessary audit trail of monitored conversations.

VirusTotal

65/65 vendors flagged this skill as clean.