ClawHub

Feishu File Sender

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it sends a user-chosen local file to Feishu, but users should verify the file and recipient before running it.

Install only if you intend to let this skill upload selected local files to Feishu. Before each run, verify the exact file path, receiver ID, receiver type, and bot permissions; avoid using it for secrets or private documents unless the destination is trusted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (4)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description and usage text do not clearly warn that invoking the script will upload a local file to Feishu and send it to an external recipient. In a file-sending skill, this omission is especially dangerous because users may provide sensitive local paths without realizing the contents will leave the host and be delivered to third parties.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script uploads a local file and exchanges application credentials with external Feishu APIs, but it provides no explicit consent prompt, allowlist, or warning about data leaving the local environment. In an agent skill context, this increases the risk of unintended exfiltration of sensitive local files or metadata if the skill is invoked on the wrong path or by an untrusted workflow.

External Transmission

Medium
Category
Data Exfiltration
Content
# 1. Get Tenant Access Token
echo "🔑 Getting access token..."
TOKEN_RESPONSE=$(curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
    -H "Content-Type: application/json" \
    -d "{\"app_id\": \"$FEISHU_APP_ID\", \"app_secret\": \"$FEISHU_APP_SECRET\"}")
Confidence
90% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# 3. Send message
echo "📨 Sending message..."
SEND_RESPONSE=$(curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=$RECEIVER_TYPE" \
    -H "Authorization: Bearer $TOKEN" \
    -H "Content-Type: application/json" \
    -d "{
Confidence
97% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=$RECEIVER_TYPE" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal