ClawHub

Feishu Cli Chat

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Feishu chat-management helper, but it gives an agent broad user-token access to private chats and group-management actions without enough scoping or safeguards.

Install only if you trust the local feishu-cli setup and are comfortable letting the agent use a logged-in Feishu account to access chats. Use explicit chat names, message IDs, keywords, and time ranges, and require manual confirmation before deletes, group updates, pin/unpin, reactions, or member changes. Avoid bulk exports of chat history and remove temporary JSON files when they are no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
86% confidence
Finding
The trigger conditions are overly broad and explicitly allow automatic activation even when the user did not clearly ask to inspect chat records. In a skill that can read private messages, search chats, inspect groups, and perform message interactions, broad invocation rules increase the chance of unintended access to sensitive communications and over-collection of user data.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill enables high-sensitivity actions including reading private chats, browsing group history, searching messages, and looking up users, yet the documentation lacks any user-facing privacy notice, consent boundary, or data-minimization guidance. In this context, omission of privacy and authorization safeguards is dangerous because the skill is specifically designed to access communications content that may involve third parties and confidential business information.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal