ClawHub

飞书开放平台应用自动化配置

Security checks across malware telemetry and agentic risk

Overview

This skill is not malicious, but it should be reviewed because it can use an admin Feishu session to grant broad app permissions, expose app secrets, and publish live tenant changes with limited safeguards.

Install only if you intentionally want an agent to configure Feishu enterprise apps. Use a test tenant or a dedicated least-privilege admin account, review and remove unnecessary scopes before importing permissions, avoid exposing App Secret in logs or chat, keep secrets out of version control, and manually confirm permission changes and publication steps.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
This section explicitly instructs the user how to reveal and extract the App Secret from the Feishu console, but does not pair that guidance with handling restrictions such as never logging, echoing, storing in shell history, or exposing it to the browser automation output. In the context of an automation skill that connects to an already authenticated browser session, this materially increases the risk of credential disclosure and subsequent unauthorized control of the Feishu app.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The configuration example includes live-looking appSecret fields and operational guidance for multi-account setup without a clear warning that these values are highly sensitive credentials. Even though the examples are placeholders, normalizing the placement of secrets in plaintext config and restart workflows can lead users to store production credentials insecurely, where they may be exposed through files, backups, logs, or version control.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal