ClawHub

Feishu Meeting Call

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Feishu urgent-reminder tool that handles sensitive credentials and can trigger real phone-call escalations, but those behaviors match its stated purpose.

Install only if you trust the publisher and are comfortable giving this skill a Feishu App Secret that can send urgent messages and phone-call escalations through your Feishu app. Limit the Feishu app's available users and permissions, keep .feishu.env private and out of source control or shared workspaces, and confirm intent before using phone-call escalation or looking up other people by phone/email.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

Lp3

Medium
Category
MCP Least Privilege
Confidence
94% confidence
Finding
The skill uses powerful capabilities including shell execution, environment access, file read/write, and network calls, but does not declare permissions or clearly constrain their use. This weakens reviewability and consent, making it easier for a user or platform to underestimate the skill's access to secrets and its ability to persist credentials locally and contact external services.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The declared purpose emphasizes sending urgent Feishu reminders, but the skill also performs identity lookup via phone/email and persists sensitive credentials and user identifiers to a local config file. That broader behavior materially changes the privacy and security profile because it handles secrets and personal data beyond what a user may reasonably infer from the description.

Description-Behavior Mismatch

Medium
Confidence
92% confidence
Finding
The skill's stated purpose is sending urgent reminders, but it also includes user identity lookup by phone/email and persistent local credential storage. These added capabilities increase the data-access and secret-handling scope beyond the declared function, creating unnecessary privacy and credential exposure risk if the skill is used in broader agent contexts.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The code can query Feishu contact data using email or phone to resolve open_id values, which is more invasive than a reminder-only skill needs. This expands access to personal contact information and can enable unintended user enumeration or privacy violations if invoked without clear authorization.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The changelog explicitly advertises a feature that can place real phone calls to a user's mobile device, but the visible documentation here does not indicate any explicit consent, confirmation, or warning requirement before triggering that action. In a messaging/meeting skill, initiating real calls is a sensitive side effect that can cause user harm, harassment, or abuse if invoked unexpectedly or by mistake.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The save-config command writes the Feishu App Secret to disk in a local .feishu.env file without an explicit warning, increasing the chance that operators store long-lived credentials insecurely. Even with chmod 600, secrets on disk can be exposed through backups, workspace sharing, misconfigured mounts, or accidental inclusion in source control.

Credential Access

High
Category
Privilege Escalation
Content
| `--app-id` | 飞书应用 App ID | - |
| `--app-secret` | 飞书应用 App Secret | - |
| `--user-id` | 用户 open_id | - |
| `--path` | 配置文件保存路径 | 技能根目录/.feishu.env |

## 常见错误排查
Confidence
84% confidence
Finding
.env

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal