ClawHub

飞书 Markdown 文档发布器:md 文件一键发布、表格自适应渲染、全自动授权移交

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says: it publishes chosen Markdown files to Feishu, but users must be careful with public sharing and ownership-transfer options.

Install only if you intend to upload selected Markdown files and any referenced images to Feishu/Lark. Review files for secrets before publishing, avoid public-read/public-edit unless internet access is intended, verify FEISHU_ADMIN before running, and use a dedicated Feishu app with the narrowest permissions available.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (5)

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly documents a mode that makes published documents readable by anyone on the internet, but it does not provide a strong warning about accidental external disclosure, data classification, or irreversible exposure once links are shared. In a publishing tool, this can lead users to unintentionally expose sensitive internal content, especially because the feature is presented as a normal usage example rather than a risky operation.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The usage instructions tell the agent to publish a Markdown file to Feishu, but they do not prominently warn that the file's contents will be transmitted off-host to a third-party service. This creates a real risk of accidental exfiltration of sensitive local data if a user or agent treats the action as a local format conversion rather than an external upload.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The documentation actively describes public-read and public-edit sharing modes, including internet-visible editing, without a strong warning that these settings can expose confidential documents or allow unauthorized modification. In context, this skill publishes arbitrary Markdown files and can therefore turn local sensitive content into publicly accessible or editable documents with a single option.

Missing User Warnings

Medium
Confidence
74% confidence
Finding
This function can enable external_access and set sharing so that anyone with a link may view or edit the document, but there is no in-code safeguard, warning, or confirmation around that high-risk transition. In a publishing skill, accidental public exposure of sensitive Markdown content is a realistic confidentiality risk, especially because the same code path supports both internal and public modes.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The script can make a document publicly readable or editable via the --share flag without any confirmation prompt, safety warning, or guardrail. In this skill's context, the published content may come from local Markdown files that users may assume remain private, so a single CLI option can accidentally expose sensitive information to the internet or the whole tenant.

VirusTotal

55/55 vendors flagged this skill as clean.

View on VirusTotal