Huike Xiaoai Public Opinion Data Sync (慧科小爱舆情数据同步)

Security checks across malware telemetry and agentic risk

Overview

This skill appears to perform the advertised Huike/Xiaoai-to-Feishu sync, but it handles powerful credentials and remote write authority with weak disclosure, and it caches a token locally.

Review before installing. Use a dedicated least-privilege Feishu app, test against a non-production Bitable first, avoid overriding the Xiaoai base URL unless you trust the destination, prefer an HTTPS Huike/Xiaoai endpoint if one is available, and account for local .cache files that may contain a short-lived Feishu token and sync metadata.

SkillSpector

By NVIDIA

Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Context-Inappropriate Capability

Severity: Medium
Confidence: 92%

Finding: The skill can autonomously create Feishu fields and even create entirely new tables when record thresholds are reached, which goes beyond simple data synchronization and materially changes remote state. In an agent-skill context with no metadata or explicit user authorization model, this is dangerous because a misconfigured or abused run can expand schema, create sprawl, bypass expected review, and write data into newly created destinations without operator awareness.

Context-Inappropriate Capability

Severity: Medium
Confidence: 89%

Finding: The skill defines local cache files for tenant tokens and existing record keys under a predictable .cache directory, persisting authentication-derived and business-state data to disk. This is risky because local filesystem caching can expose sensitive tokens and operational metadata to other local users, backup systems, or later processes, especially when no permission hardening, encryption, or disclosure is present.

Missing User Warnings

Severity: Medium
Confidence: 92%

Finding: The manifest clearly describes transmitting data from a third-party XiaoAi/Huike API into Feishu Bitable and requires multiple sensitive credentials, but it does not disclose network transmission behavior, data destinations, or credential handling to the user in a warning or consent-oriented way. This creates a real security and privacy risk because users may supply API secrets and business data without understanding that external systems will be contacted and synchronized.

Missing User Warnings

Severity: Medium
Confidence: 97%

Finding: The code writes the Feishu tenant access token directly to a local JSON file, creating a recoverable bearer credential on disk. If that file is read by another local process, user, malware, or backup/archive system, the token can be reused to access Feishu APIs with the application's privileges until it expires.

Missing User Warnings

Severity: Low
Confidence: 83%

Finding: The skill caches fetched record keys, total record counts, and maximum case IDs to disk without disclosure or protection, leaking internal dataset structure and identifiers. While less sensitive than an auth token, this metadata can still reveal business activity patterns, aid enumeration, or expose identifiers that should remain internal.

VirusTotal

66/66 vendors flagged this skill as clean.