ClawHub

Lark Bot

Security checks across malware telemetry and agentic risk

Overview

This is a coherent Lark bot integration, but it needs review because it can modify a real Lark workspace and includes unsafe credential and webhook handling examples.

Install only if you are comfortable giving an agent access to the configured Lark app. Use a least-privileged test app first, do not print or share tenant access tokens, require LARK_APP_SECRET before running the webhook server, bind it only where needed, and require explicit confirmation before creating, updating, or deleting Bitable or Wiki content.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Intent-Code Divergence

Medium
Confidence
98% confidence
Finding
The webhook sample defines a signature-verification function but never calls it, so any unauthenticated HTTP client can post forged event payloads to the handler. That allows spoofed messages, trigger abuse, and potentially downstream automated actions based on attacker-controlled content.

Intent-Code Divergence

High
Confidence
99% confidence
Finding
The signature verification logic is explicitly disabled when LARK_APP_SECRET is unset, causing the webhook endpoint to trust unauthenticated requests. An attacker can forge webhook events, trigger bot actions, or inject arbitrary message data because the code treats missing security configuration as success instead of failure.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The example prints the tenant access token directly to stdout, which can leak credentials into logs, terminal scrollback, CI output, or support captures. Anyone with access to those logs may be able to reuse the token to call Lark APIs within its validity window.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill documents create, update, and delete operations against Bitable records without warning about destructive effects or recommending safeguards. In an agent setting, this increases the chance of accidental data loss or unintended modification of production records.

Missing User Warnings

High
Confidence
98% confidence
Finding
When LARK_APP_SECRET is unset, authentication is effectively disabled, yet the service starts normally and only prints a mild status message. This makes insecure deployment likely because operators may expose the webhook without realizing that anyone can submit spoofed events.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal