ClawHub

Feishu Voice Bot

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent Feishu voice-message purpose, but its helper script can turn crafted voice options or output paths into unsafe local shell execution or file overwrites.

Review before installing. Use only with trusted prompts and confirmed Feishu destinations, and prefer a fixed version that replaces execSync shell strings with spawn or execFile argument arrays, validates voice and rate values, and restricts output files to a safe temporary directory without silent overwrites.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The script builds shell command strings with user-controlled inputs (`text`, `voice`, `rate`, and `output`) and passes them to `execSync`, which invokes a shell. Only double quotes in `text` are escaped, while other parameters are unquoted or insufficiently validated, so shell metacharacters can lead to command injection and arbitrary command execution on the host.

Context-Inappropriate Capability

Low
Confidence
90% confidence
Finding
The `--output` parameter allows writing the generated file to an arbitrary filesystem path, and ffmpeg is invoked with `-y`, which will overwrite existing files without prompting. In an agent/skill environment, this exceeds the narrow need of producing a transient voice artifact and can be abused to clobber files accessible to the process.

Vague Triggers

Medium
Confidence
91% confidence
Finding
The invocation guidance is overly broad because it authorizes the skill for essentially any Feishu TTS/voice scenario rather than a narrowly scoped user intent. In an agent setting, this can cause the skill to activate unexpectedly and send synthesized audio when the user did not explicitly request a voice reply, increasing the risk of unintended outbound messaging and privacy-sensitive content being converted and transmitted.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal