feishu-create-openclaw-app

Security checks across malware telemetry and agentic risk

Overview

This skill is a legitimate Feishu app setup helper, but it automates broad enterprise permissions and tells the agent to reveal a full app secret in chat.

Install only if you are authorized to administer Feishu/Lark enterprise apps. Review and reduce the permission list before applying it, require explicit approval before granting permissions, and avoid letting the agent print the App Secret into chat; copy it directly into a secure configuration or rotate it if it has already been exposed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence: 97%
Finding
The skill explicitly instructs the agent to reveal the App Secret and display the full credential back to the user, but provides no safeguards for secret handling, redaction, or confirmation. Secrets shown in chat transcripts or logs can be copied, retained, or exposed beyond the intended recipient, enabling unauthorized access to the Feishu application.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill bulk-imports a wide set of tenant and user permissions, including messaging, files, documents, HR file download, and spreadsheet access, without any user-facing explanation of scope or least-privilege justification. This can cause over-privileged app creation and unnecessary access to sensitive enterprise data if the app or its credentials are later misused or compromised.

Ssd 3

High
Confidence: 99%
Finding
The instructions direct the agent to extract the App Secret, reveal it via the UI, and include the full secret in final output. In an agent setting, this creates a direct secret-exfiltration path into conversational output, logs, and any downstream integrations, substantially increasing the risk of credential compromise.

VirusTotal

64/64 vendors flagged this skill as clean.
