ClawHub

飞书周报

Security checks across malware telemetry and agentic risk

Overview

The skill matches its weekly-report purpose, but it can read Feishu credentials, fetch chat history, and use local work logs, so users should review the access carefully before installing.

Install only if you trust this skill with Feishu chat records and the local OpenClaw config that contains Feishu app credentials. Use a least-privilege Feishu app, confirm the exact chat IDs and date range before each fetch, and review any workspace memory files it reads or writes.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill invokes shell commands to read local configuration, list workspace files, and run a fetch script, but it declares no corresponding permissions or user-visible capability boundaries. This creates an authorization gap where a report-generation skill can access local secrets and filesystem data without explicit approval or review.

Description-Behavior Mismatch

Medium
Confidence
91% confidence
Finding
The skill includes optional writes to local Daily Memory logs, but that persistence behavior is not disclosed in the main manifest description. Hidden or under-disclosed persistence is risky because users may believe the skill only reads data to produce a report, while it can also store conversation-derived work notes on disk.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill instructs reading Feishu app credentials from a local config file and pulling chat history, yet provides no explicit user-facing warning or consent flow for accessing secrets and potentially sensitive message data. Because chats may contain confidential business information and the config contains authentication material, silent access materially increases the risk of privacy violations and unauthorized data exposure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The optional Daily Memory write path persists conversation-derived work summaries to local files without a clear warning in the main skill description or a strong consent pattern. Persisting operational notes can create an unreviewed data-retention surface, exposing sensitive project details to later unintended access or reuse.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal