Security audit

AIPing Media

Security checks across malware telemetry and agentic risk

Overview

This skill does what it advertises: it generates media with AIPing, stores outputs in /tmp, and can send them through Feishu using user-provided credentials.

Install only if you are comfortable sending prompts and generated media to AIPing and sending selected media to Feishu. Use least-privilege Feishu app permissions, protect the API keys, verify the open_id or chat_id before sending, avoid phone/email lookup unless authorized, and clear sensitive generated files from /tmp when finished.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill declares required environment variables and clearly relies on network and credential use, but it does not declare corresponding permissions. This creates a permission-transparency gap: a user or platform may underestimate that the skill can access secrets and transmit data externally, which increases the chance of unintended credential use and outbound data flow.

Vague Triggers

Medium
Confidence
93% confidence
Finding
The auto-trigger description is very broad, covering common phrases like generating images or videos, which can cause the skill to activate during ordinary conversations. Because activation leads to external API calls, local file downloads, and Feishu delivery, accidental triggering can expose user prompts and generated media to third parties without clear intent.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The description says media will be automatically downloaded locally and sent to Feishu, but it does not foreground the privacy implications of sending user content to external services and storing it under /tmp. Users may not realize prompts, media, and recipient identifiers are being transmitted and temporarily stored.

External Transmission

Medium
Category
Data Exfiltration
Content
")

# Look up open_id by mobile number (replace with your mobile number, including the country code, e.g. +8613800138000)
curl -s "https://open.feishu.cn/open-apis/contact/v3/users/batch_get_id?user_id_type=open_id" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"mobiles": ["你的手机号"]}' | python3 -m json.tool
Confidence
82% confidence
Finding
curl -s "https://open.feishu.cn/open-apis/contact/v3/users/batch_get_id?user_id_type=open_id" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
-F "image=@/tmp/image.jpg" | python3 -c "import sys,json;print(json.load(sys.stdin)['data']['image_key'])")

# 3. Send the image
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\": \"oc_xxx\", \"msg_type\": \"image\", \"content\": \"{\\"image_key\\": \\"$IMAGE_KEY\\"}\"}"
Confidence
84% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d "{\"receive_id\": \"oc_xx

External Transmission

Medium
Category
Data Exfiltration
Content
-F "file=@/tmp/video.mp4" | python3 -c "import sys,json;print(json.load(sys.stdin)['data']['file_key'])")

# 3. Send the video (msg_type is "media"; the type inside content is "video")
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\": \"oc_xxx\", \"msg_type\": \"media\", \"content\": \"{\\"file_key\\": \\"$FILE_KEY\\", \\"type\\": \\"video\\"}\"}"
Confidence
84% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=chat_id" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

VirusTotal

67/67 vendors flagged this skill as clean.
