Feishu Merged Msg

Security checks across malware telemetry and agentic risk

Overview

The skill appears to fetch Feishu forwarded messages as claimed, but it tells the agent to read and expose Feishu app credentials from local configuration.

Review before installing. Use it only if you are comfortable letting the agent access Feishu app credentials and retrieve forwarded-message contents. Prefer a version that receives credentials through a managed secret mechanism, does not print secrets, avoids command-line secrets, and uses the minimum Feishu read-only scope.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Context-Inappropriate Capability

Medium
Confidence: 98%
Finding
The documentation tells the agent to extract Feishu app credentials directly from a local OpenClaw config file, expanding the skill from message retrieval into secret access. Even if used for a legitimate API call, this creates a generic secret-harvesting pattern that can expose reusable credentials and normalize reading sensitive local configuration without explicit authorization.

Missing User Warnings

Medium
Confidence: 96%
Finding
The skill accesses sensitive Feishu credentials from disk without warning about secret handling, storage, redaction, or output safety. In an agent setting, this increases the chance that secrets are exposed in logs, command history, error output, or downstream model context, which could lead to credential compromise and broader API abuse.

VirusTotal

66/66 vendors flagged this skill as clean.
