Feishu Voice (ListenHub)
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The Feishu voice-message workflow is mostly purpose-aligned, but one helper script can run unintended local code if given a crafted language argument.
Before installing, fix or avoid the list-speakers.sh language argument issue, verify the ListenHub/Marswave API endpoint, and use least-privilege Feishu credentials. Confirm the recipient and message text before sending, and do not use the skill for sensitive content unless the external service data handling is acceptable.
Static analysis
Static analysis findings are pending for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or a user passes an attacker-controlled language value, the helper could run commands with the user's local privileges.
The command-line language value is inserted directly into Python source code instead of being passed as data. A crafted value containing a quote and Python statements could execute local code.
LANGUAGE="${1:-}" ... echo "$RESP" | python3 -c "... lang_filter='$LANGUAGE' ..."
Validate the language argument against an allowlist such as zh/en, and pass it to Python via sys.argv or an environment variable instead of interpolating it into the python -c source.
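The following is an added example of the fix described above, not the skill's own list-speakers.sh: the language code is checked against an allowlist first and then handed to Python as sys.argv[1], so it is data rather than source. SAMPLE_RESP is a constructed stand-in for a voices response; the real field names may differ.

```shell
#!/bin/sh
# Added example, not the skill's own list-speakers.sh: the same language
# filter with the argument validated and passed to Python as data.
# SAMPLE_RESP is a constructed stand-in for the ListenHub voices response.
set -eu

# Allowlist check. Prints the accepted code on stdout and returns 0,
# or prints a message on stderr and returns 1.
validate_lang() {
  case "${1:-}" in
    zh|en) printf '%s\n' "$1" ;;
    *) printf 'unsupported language: %s\n' "${1:-}" >&2; return 1 ;;
  esac
}

# Reads a voices JSON document on stdin and prints "id name" for each voice
# in the requested language. The code reaches Python through sys.argv, so a
# quote or semicolon in it can never terminate a string literal inside -c.
filter_voices() {
  lang=$(validate_lang "${1:-}") || return 1
  python3 -c '
import json, sys
wanted = sys.argv[1]
for voice in json.load(sys.stdin).get("data", []):
    if voice.get("language") == wanted:
        print(voice["id"], voice["name"])
' "$lang"
}

# Constructed sample response shaped like a voices listing.
SAMPLE_RESP='{"data":[{"id":"v1","name":"Alice","language":"en"},{"id":"v2","name":"Xiao","language":"zh"}]}'

# Demo: the crafted value below would have closed the quoted string in the
# original script; here it is rejected before python3 is ever started.
if command -v python3 >/dev/null 2>&1; then
  printf '%s\n' "$SAMPLE_RESP" | filter_voices en
  printf '%s\n' "$SAMPLE_RESP" | filter_voices "en'; import os; os.system('id'); x='" || echo "rejected, exit $?"
fi
```

The allowlist is deliberately strict: if the service later adds languages, extend the case pattern rather than loosening it to a regex, since the point is that only known values ever reach the interpreter.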
A wrong recipient, wrong chat ID, or unintended text could result in a Feishu bot message being sent immediately.
The script immediately sends an audio message to the supplied Feishu receive_id after generating and uploading the audio.
RESULT=$(curl -sS -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=$RECEIVE_ID_TYPE" ... "msg_type":"audio")
Confirm the recipient ID, recipient type, and message text before invoking the send script, and consider adding an explicit confirmation step in agent workflows.
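An added example of the confirmation step suggested above, not the skill's send script: the recipient type is checked against the values the Feishu im/v1/messages API accepts, the recipient ID is sanity-checked, the plan is printed, and the POST only happens when CONFIRM=yes. The endpoint and msg_type match the call quoted above; TENANT_TOKEN and FILE_KEY are placeholders the caller must supply, and the JSON body shape is assumed from the audio message call shown in the finding.

```shell
#!/bin/sh
# Added example, not the skill's send script: a confirmation gate placed in
# front of the Feishu message POST. Nothing is sent unless CONFIRM=yes.
# TENANT_TOKEN and FILE_KEY are placeholders supplied by the caller.
set -eu

# The receive_id_type values the Feishu im/v1/messages API accepts.
valid_receive_id_type() {
  case "${1:-}" in
    open_id|user_id|union_id|email|chat_id) return 0 ;;
    *) return 1 ;;
  esac
}

# Shape check for the two id types this skill is most likely to use:
# Feishu open_ids start with "ou_" and chat ids with "oc_". Any id may only
# contain characters that are safe to interpolate into the JSON body.
recipient_matches_type() {
  case "$2" in *[!A-Za-z0-9_@.+-]*) return 1 ;; esac
  case "$1:$2" in
    open_id:ou_*|chat_id:oc_*) return 0 ;;
    open_id:*|chat_id:*) return 1 ;;
    *) return 0 ;;
  esac
}

# Prints what would be sent; returns 1 if the arguments are inconsistent.
send_plan() {
  id_type=$1; rid=$2; text=$3
  valid_receive_id_type "$id_type" || { echo "invalid receive_id_type: $id_type" >&2; return 1; }
  recipient_matches_type "$id_type" "$rid" || { echo "$rid does not look like a $id_type" >&2; return 1; }
  printf 'recipient: %s (%s)\nmsg_type: audio\ntext (%d chars): %s\n' "$rid" "$id_type" "${#text}" "$text"
}

# Prints the plan; POSTs only when CONFIRM=yes, otherwise returns 2 (dry run).
guarded_send() {
  send_plan "$@" || return 1
  url="https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=$1"
  [ "${CONFIRM:-no}" = yes ] || { echo "dry run: rerun with CONFIRM=yes to POST to $url"; return 2; }
  curl -sS -X POST "$url" \
    -H "Authorization: Bearer $TENANT_TOKEN" -H 'Content-Type: application/json' \
    -d "{\"receive_id\":\"$2\",\"msg_type\":\"audio\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\"}\"}"
}

# Demo: without CONFIRM=yes this only prints the plan and the dry-run notice.
guarded_send chat_id oc_example_chat "Quarterly numbers are ready" || echo "not sent, exit $?"
```

In an agent workflow the dry-run output is what the agent should show the user; the agent then re-invokes with CONFIRM=yes only after an explicit acknowledgement, so a wrong chat ID surfaces before anything leaves the machine.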
These credentials can authorize real Feishu message-sending and file-upload actions if exposed or misused.
The skill requires a ListenHub API key and Feishu app credentials with permissions to upload files and send bot messages; it also documents reading the Feishu app secret from local OpenClaw config.
ListenHub API key ... Feishu app with `im:message:send_as_bot` and `im:file` permissions ... extract from openclaw config ... `$HOME/.openclaw/openclaw.json`
Use a dedicated least-privilege Feishu app, protect the app secret and API key, avoid logging environment variables, and rotate credentials if they are exposed.
Setup may fail unexpectedly, and users may not get platform-level warnings about the credentials the skill needs.
The metadata under-declares dependencies and credentials that SKILL.md and the scripts require, so installation or review tooling may not surface the needed binaries and secrets.
Required binaries (all must exist): none ... Required env vars: none ... Primary credential: none
Declare ffmpeg/ffprobe, curl, python3, LISTENHUB_API_KEY, FEISHU_APP_ID, and FEISHU_APP_SECRET in the skill metadata.
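Until the metadata is corrected, a preflight check gives users the warning the platform does not. The following is an added example, not part of the skill: it checks the binaries and variables listed above and reports what is missing by name only, so it is safe to run with logging enabled.

```shell
#!/bin/sh
# Added example, not part of the skill: a preflight that checks the binaries
# and credentials SKILL.md relies on and reports what is missing by name,
# never by value. The lists come from the finding above.
set -eu

REQUIRED_BINS="ffmpeg ffprobe curl python3"
REQUIRED_VARS="LISTENHUB_API_KEY FEISHU_APP_ID FEISHU_APP_SECRET"

# Prints "missing binary: NAME" for each absent program; returns 1 if any.
check_bins() {
  rc=0
  for b in $1; do
    command -v "$b" >/dev/null 2>&1 || { echo "missing binary: $b"; rc=1; }
  done
  return $rc
}

# Prints "missing env var: NAME" for each unset or empty variable.
# Only the name is echoed, so secret values never reach a log.
check_vars() {
  rc=0
  for v in $1; do
    eval "val=\${$v:-}"
    [ -n "$val" ] || { echo "missing env var: $v"; rc=1; }
  done
  return $rc
}

# Runs both checks and fails if either does; call this before any curl.
preflight() {
  bad=0
  check_bins "$REQUIRED_BINS" || bad=1
  check_vars "$REQUIRED_VARS" || bad=1
  return $bad
}

# Demo: only run the full preflight when asked, since the skill's variables
# are usually absent on a review machine.
if [ "${RUN_PREFLIGHT:-0}" = 1 ]; then
  preflight && echo "preflight ok"
fi
```

Run it as RUN_PREFLIGHT=1 sh preflight.sh at the start of each helper script; a non-zero exit with the printed names is the warning that the metadata currently fails to produce.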
Message content may be processed by external services as part of the TTS and delivery workflow.
The message text is placed into a TTS request and sent to the external ListenHub/Marswave API before the generated audio is sent through Feishu.
API_BASE="https://api.marswave.ai/openapi/v1" ... 'content': sys.argv[2] ... -d @"$TMPDIR/req.json"
Avoid sending sensitive text unless you trust the provider and have verified that api.marswave.ai is the intended ListenHub API endpoint and acceptable under your data-handling policy.
