Feishu Voice Sender

Security checks across malware telemetry and agentic risk

Overview

This skill is purpose-aligned but should be reviewed because it can send text to an external TTS path unexpectedly and falsely reports Feishu delivery success even though sending is not implemented.

Install only after reviewing or fixing the send implementation, channel detection, and privacy disclosure. Use a dedicated MiMo API key and least-privilege Feishu bot credentials, avoid sensitive text unless the external TTS provider is approved, and require explicit confirmation before generating or sending voice messages.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands

Findings (6)

Lp3

Medium

Category: MCP Least Privilege
Confidence: 82% confidence
Finding: The skill documentation indicates use of environment variables and shell/system capabilities (API keys, ffmpeg installation, systemctl/journalctl troubleshooting), but no permissions declaration is described. In an agent ecosystem, undeclared capabilities reduce transparency and can cause the skill to access secrets or invoke local commands without clear user/admin consent.

Description-Behavior Mismatch

Medium

Confidence: 94% confidence
Finding: The function claims Feishu voice delivery succeeded even though no actual send operation is implemented. In an agent skill, this can mislead upstream automation into believing a notification or approval message was delivered when it was not, causing silent failure of security-relevant workflows.

Intent-Code Divergence

Medium

Confidence: 96% confidence
Finding: The comments explicitly acknowledge that Feishu sending still needs implementation, yet the code prints a success message and returns True. This mismatch creates deceptive behavior that can hide failed notifications and undermine operational or security controls relying on message delivery.

Missing User Warnings

Medium

Confidence: 88% confidence
Finding: The README states that the skill generates voice using Xiaomi MiMo TTS and sends it through Feishu, and it also lists an API key dependency, but it does not disclose that message content may be transmitted to an external service or explain the credential/security implications. This can cause users to unknowingly send sensitive text to a third party or mishandle required secrets, creating privacy and token-exposure risk.

Vague Triggers

Medium

Confidence: 79% confidence
Finding: The automatic trigger phrases are broad, everyday language such as '用语音说' and '念给我听', which can match normal conversation and cause the skill to activate unexpectedly. In this skill, unintended activation could send user text to an external TTS provider and/or post audio into a channel without an explicit, fresh confirmation.

Missing User Warnings

High

Confidence: 93% confidence
Finding: The documentation says Feishu voice generation uses Xiaomi MiMo TTS but does not clearly warn that message content will be transmitted to an external third-party service. This creates a meaningful privacy and data-handling risk, especially if users ask the agent to speak sensitive business or personal content that they assume remains within the chat platform.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal