ClawHub

Feishu Voice (ElevenLabs)

Security checks across malware telemetry and agentic risk

Overview

This skill mostly matches its Feishu voice purpose, but it can send Feishu replies on the user’s behalf without clear approval, chat limits, or opt-in boundaries.

Review before installing. Use this only in Feishu spaces where sending bot replies and sending audio to ElevenLabs are acceptable. Configure least-privilege Feishu permissions, store app secrets and API keys securely, avoid copying secrets into shell history or logs, and require human approval or tight chat scoping before enabling smart reply behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Context-Inappropriate Capability

Medium
Confidence
95% confidence
Finding
The documentation instructs reading `appId` and `appSecret` directly from a local OpenClaw config file in the user's home directory. That encourages the skill to access unrelated local secrets outside normal explicit user provisioning, which expands its scope from voice processing into credential harvesting and could expose Feishu bot credentials to logs, subprocesses, or other components.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The setup commands copy a sensitive Feishu app secret into environment variables without any warning about secret handling, shell history, process exposure, or logging risks. In the context of a skill that already uses multiple external tools and shell commands, this increases the chance that credentials are leaked during debugging, command inspection, or downstream subprocess execution.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script uploads the provided audio file to ElevenLabs for transcription, which is an external third-party service, but it provides no user-facing notice, consent check, or data-handling warning before transmitting potentially sensitive voice content. In a messaging skill that may process incoming Feishu voice messages, this increases privacy and compliance risk because users may not expect their audio to leave Feishu and be sent to ElevenLabs.

External Transmission

Medium
Category
Data Exfiltration
Content
[ ! -f "$AUDIO_FILE" ] && echo "ERROR: File not found: $AUDIO_FILE" >&2 && exit 1

RESULT=$(curl -sf "https://api.elevenlabs.io/v1/speech-to-text" \
  -H "xi-api-key: $ELEVENLABS_API_KEY" \
  -F "model_id=scribe_v1" \
  -F "file=@$AUDIO_FILE")
Confidence
96% confidence
Finding
https://api.elevenlabs.io/

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal