feishu-send-file

Security checks across malware telemetry and agentic risk

Overview

This skill transparently sends user-selected files or images through Feishu/Lark, but users should handle the Feishu app secret and chosen file contents carefully.

Install/use this only if you trust it to upload selected local files or images through your Feishu/Lark app. Confirm the exact file path and recipient before execution, avoid sending sensitive files unintentionally, and avoid logging or displaying commands that include the app_secret. Prefer least-privilege Feishu credentials or a safer secret-injection method when possible.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill documentation clearly instructs use of shell commands and outbound network access, yet the manifest does not declare corresponding permissions. This creates a capability transparency gap: agents or reviewers may underestimate what the skill can do, including reading local config and transmitting files/secrets to external services.

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The AI assistant example uses interpolated variables inside an exec-formatted shell command, which can lead to command injection if any argument contains shell metacharacters or untrusted content. Because these variables include file paths, user identifiers, and credentials, exploitation could result in arbitrary command execution and secret exposure.

Context-Inappropriate Capability

Medium
Confidence
91% confidence
Finding
The documentation directs the assistant to extract app credentials from a local secrets file, expanding the skill from file sending into local secret retrieval. That creates an unnecessary secret-access capability and increases the chance of credential misuse, exfiltration, or accidental disclosure.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill tells users/agents to handle app_id and app_secret directly but provides no warning about secret sensitivity, storage, logging, or transmission risks. In practice this encourages insecure secret handling and makes leakage more likely during execution, debugging, or output rendering.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The example shows network transmission of a file using embedded credentials, but omits safety warnings about sending local data to a third party and exposing secrets through command lines or logs. This is dangerous because assistants may follow the example verbatim and unintentionally transmit sensitive files or reveal credentials.

Ssd 3

High
Confidence
97% confidence
Finding
Instructing the assistant to retrieve application secrets from a local config file and immediately use them in outbound workflows is a strong secret-disclosure anti-pattern. It broadens the skill’s power from messaging to credential harvesting, which could be abused to access unrelated resources or silently exfiltrate secrets.

VirusTotal

63/63 vendors flagged this skill as clean.
