Feishu Voice (飞书语音)

Pass. Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: feishu-voice-lobster
Version: 1.0.0

The skill bundle is classified as suspicious because it relies on system-level commands and network access. Both are consistent with its stated purpose, but they add significant attack surface. Specifically, `SKILL.md` instructs the agent to run `apt-get update && apt-get install -y ffmpeg`, which requires package-management privileges, and uses several `curl` commands to call external APIs (Feishu, ElevenLabs) and download files. These actions are needed for voice processing and the Feishu integration, but the ability to execute shell commands and make network requests is a high-risk capability: if the agent's input is compromised, or the skill's instructions were subtly altered, the same capabilities could be turned to malicious ends. There is no clear evidence of intentionally malicious behavior such as exfiltration to unauthorized endpoints or persistence mechanisms.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the Feishu app secret or token is misused, the bot may be able to send messages or access message media within its granted scope.

Why it was flagged

The workflow requires Feishu app credentials and permissions to send messages and access media resources. This is expected for the stated integration, but it grants real Feishu workspace authority.

Skill content

`appSecret: 'your appSecret'` ... `im:message` - send and receive messages ... `im:resource` ... `im:resource:download`
Recommendation

Use the minimum Feishu permissions needed, protect app secrets and tokens, avoid pasting real secrets into shared logs or chat, and revoke credentials if exposed.
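The following is an added example, not code from the skill or from OpenClaw, showing the two practical halves of that recommendation: reading the Feishu app secret from the environment instead of the literal `appSecret: '...'` line in `SKILL.md`, refusing the placeholder value, and attaching a logging filter that masks the secret and any tenant access token before a log line can be pasted into chat. The environment variable names and the `t-` token prefix in the regex are assumptions for illustration; adjust them to your deployment.

```python
import logging
import os
import re

# Added example (not the skill's own code). The variable names are assumptions;
# the skill's SKILL.md shows the secret as a literal `appSecret: '...'` instead.
_ENV_APP_ID = "FEISHU_APP_ID"
_ENV_APP_SECRET = "FEISHU_APP_SECRET"


def load_feishu_credentials(env=None):
    """Read the Feishu app credentials from the environment.

    Refuses placeholder values so a copied template such as 'your appSecret'
    (or the original '你的appSecret') never reaches the Feishu API.
    """
    env = os.environ if env is None else env
    app_id = env.get(_ENV_APP_ID, "").strip()
    secret = env.get(_ENV_APP_SECRET, "").strip()
    if not app_id or not secret:
        raise RuntimeError(f"set {_ENV_APP_ID} and {_ENV_APP_SECRET} before running the skill")
    if "appsecret" in secret.lower() or secret.startswith("你的"):
        raise RuntimeError("placeholder app secret detected; supply the real value via the environment")
    return app_id, secret


class SecretRedactor(logging.Filter):
    """Logging filter that masks known secrets and token-shaped strings
    before a record is emitted, so pasted logs cannot leak credentials."""

    # Assumption: Feishu tenant_access_token values are prefixed with "t-".
    # Tighten or extend the pattern to match the tokens you actually see.
    _TOKEN_RE = re.compile(r"\bt-[A-Za-z0-9_\-]{8,}\b")

    def __init__(self, secrets):
        super().__init__()
        self._secrets = [s for s in secrets if s]

    def redact(self, text):
        # Exact secrets first, then anything that looks like a bearer token.
        for s in self._secrets:
            text = text.replace(s, "[REDACTED]")
        return self._TOKEN_RE.sub("[REDACTED-TOKEN]", text)

    def filter(self, record):
        record.msg = self.redact(record.getMessage())
        record.args = ()
        return True


def configure_logging(secrets):
    """Install the redactor on the root logger; call once at skill start-up."""
    logging.basicConfig(level=logging.INFO)
    logging.getLogger().addFilter(SecretRedactor(secrets))
```

Install the filter with `configure_logging([secret])` right after `load_feishu_credentials()` returns, before any request to Feishu is logged; the filter is applied to the root logger, so it covers library loggers as well as the skill's own.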

What this means

Voice messages may leave Feishu/OpenClaw and be processed or logged by ElevenLabs according to that provider's policies.

Why it was flagged

Feishu voice files are uploaded to ElevenLabs for transcription, and the example explicitly enables provider logging. This is aligned with the skill purpose, but it affects voice-data privacy.

Skill content
`https://api.elevenlabs.io/v1/speech-to-text?enable_logging=true` ... `-F file=@/path/to/voice.ogg`
Recommendation

Disclose this to affected users, review ElevenLabs retention/logging settings, and use a no-logging option if available and appropriate.

What this means

Running the setup command may require elevated privileges and will install software on the host system.

Why it was flagged

The setup instructions include installing ffmpeg with the system package manager. This is expected for audio conversion, but it modifies the local environment.

Skill content
`apt-get update && apt-get install -y ffmpeg`
Recommendation

Run package-install commands only after user approval, from trusted package repositories, and preferably in a contained environment.

What this means

Private audio files could remain on disk after transcription or synthesis if they are not deleted.

Why it was flagged

The skill stores temporary voice files in the OpenClaw workspace. That is reasonable for conversion, but the artifact does not describe cleanup or retention.

Skill content

`Temporary voice files: /root/.openclaw/workspace/`
Recommendation

Use per-task temporary filenames, delete voice files after processing, and avoid retaining private audio longer than necessary.
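The following is an added example, not the skill's own code, covering both this finding and the ElevenLabs logging finding above: the voice bytes are written to a unique, owner-only temporary file under the workspace path the skill names, the speech-to-text request is built with `enable_logging=false` instead of the `true` in the skill's `curl` line, and the file is deleted in a `finally` block so it is removed even when transcription fails. The `xi-api-key` header and `model_id` field follow the ElevenLabs speech-to-text API as documented at the time of writing, but check the current docs; the `post` callable is injected so the flow can be exercised offline with constructed sample data.

```python
import os
import tempfile
from contextlib import contextmanager
from pathlib import Path

# Added example, not the skill's code. WORKSPACE mirrors the path the skill
# names; STT_ENDPOINT is the endpoint quoted in the finding.
WORKSPACE = Path("/root/.openclaw/workspace")
STT_ENDPOINT = "https://api.elevenlabs.io/v1/speech-to-text"


@contextmanager
def scratch_voice_file(data: bytes, workspace: Path = WORKSPACE):
    """Write voice bytes to a unique, owner-only file and delete it on exit."""
    workspace.mkdir(parents=True, exist_ok=True)
    fd, name = tempfile.mkstemp(prefix="voice-", suffix=".ogg", dir=workspace)
    path = Path(name)
    try:
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        path.chmod(0o600)          # mkstemp already uses 0600; make it explicit
        yield path
    finally:
        path.unlink(missing_ok=True)   # runs even if transcription raised


def build_stt_request(api_key: str, enable_logging: bool = False):
    """Return (url, headers, form_fields) for the speech-to-text call.

    The skill's example uses ?enable_logging=true; the default here is false.
    model_id is an assumption taken from the ElevenLabs docs; verify it.
    """
    url = f"{STT_ENDPOINT}?enable_logging={'true' if enable_logging else 'false'}"
    headers = {"xi-api-key": api_key}
    fields = {"model_id": "scribe_v1"}
    return url, headers, fields


def transcribe(audio: bytes, api_key: str, post, enable_logging: bool = False,
               workspace: Path = WORKSPACE) -> str:
    """Run the whole flow. `post(url, headers, fields, file_path) -> dict` is
    injected so this example runs offline; in production wrap requests/httpx."""
    with scratch_voice_file(audio, workspace) as path:
        url, headers, fields = build_stt_request(api_key, enable_logging)
        result = post(url, headers, fields, path)
    # The temp file is already gone here, whether or not post() succeeded.
    return result.get("text", "")


def demo():
    """Offline run with a fake HTTP function and constructed sample bytes."""
    seen = {}

    def fake_post(url, headers, fields, file_path):
        seen["url"] = url
        seen["header"] = headers.get("xi-api-key")
        seen["exists_during"] = file_path.exists()
        seen["mode"] = oct(file_path.stat().st_mode & 0o777)
        return {"text": "hello from feishu"}

    scratch = Path(tempfile.mkdtemp())       # stands in for the real workspace
    seen["text"] = transcribe(b"OggS\x00fake-voice-bytes", "xi-key-demo",
                              fake_post, workspace=scratch)
    seen["leftover"] = [p.name for p in scratch.iterdir()]
    scratch.rmdir()
    return seen


if __name__ == "__main__":
    print(demo())
```

`demo()` shows the two properties the finding asks for: the file exists with mode 0600 only while the request is in flight, and the workspace is empty afterwards. The same `scratch_voice_file` context can wrap the ffmpeg conversion step so the converted file gets the same lifetime.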