ClawHub

Feishu Assistant

Security checks across malware telemetry and agentic risk

Overview

This skill transparently sends user-selected images to Feishu using configured Feishu bot credentials.

Install this only if you intend to let an agent use your Feishu bot credentials to upload selected images to Feishu. Before use, verify the local image path and the chat, user, open, or message ID, especially for sensitive images or group chats.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (3)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill documentation describes access to environment variables and outbound network use to Feishu, but it does not declare permissions or clearly constrain those capabilities. Undeclared env and network access reduces transparency and weakens policy enforcement, which can let a skill exfiltrate credentials or send data externally without adequate review.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases like '发送到飞书' or '发到群里' are broad natural-language expressions that can occur in ordinary conversation, increasing the chance of accidental invocation. In this skill's context, accidental activation can cause images and recipient identifiers to be sent to an external messaging platform, creating unintended data disclosure.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill description explains how to send images to Feishu but does not clearly warn users that image content and identifiers such as user_id, open_id, chat_id, or message_id will be transmitted to an external service. This lack of disclosure undermines informed consent and makes accidental sharing of sensitive content more likely, especially because the skill is designed for outbound messaging.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal