feishu-quick-setup

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: create a Feishu/Lark bot and save its credentials locally. The setup behavior is sensitive, but it is disclosed.

Install only if you intend to create and connect a new Feishu/Lark bot. Expect the skill to contact Feishu/Lark, ask you to approve a Feishu authorization link, and store the returned app ID and app secret in your OpenClaw config. The app secret is a long-lived credential, so keep that config and any .bak backup private, and review the bot's Feishu permissions yourself after setup, since the script does not verify them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Severity: Medium
Category: MCP Least Privilege
Confidence: 95%
Finding: The skill instructs the agent to execute a Node script that performs external Feishu registration/device-flow operations, but the skill metadata does not declare any permission for network access. An undeclared network capability weakens user awareness and platform policy enforcement, especially because the same skill also provisions new credentials and writes them into local config.

Intent-Code Divergence

Severity: Medium
Confidence: 96%
Finding: The success message states that basic Feishu permissions are already enabled, but the script only saves credentials locally and makes no remote API call to grant or verify those permissions. Users may therefore deploy the bot with incorrect assumptions about its capabilities or security posture, leading to failed operation or skipped permission-review steps.

Vague Triggers

Severity: Medium
Confidence: 83%
Finding: The trigger phrases are broad enough that ordinary requests such as 'setup feishu' or '安装飞书插件' ("install the Feishu plugin") may invoke a workflow that creates a brand-new Feishu app, performs network authorization, and persists secrets to config. Because this is a high-impact, side-effecting action, ambiguous triggering raises the risk of accidental execution without sufficiently informed user intent.

Missing User Warnings

Severity: Medium
Confidence: 94%
Finding: Although the body later mentions saving credentials, the top-level description and trigger surface do not prominently warn that the skill creates a new Feishu application and stores the newly issued appId/appSecret in the user's configuration. That omission can mislead users about the sensitivity and persistence of the action, reducing informed consent for credential creation and storage.

Missing User Warnings

Severity: Medium
Confidence: 92%
Finding: The script writes the newly obtained appId and appSecret directly into the user's OpenClaw config file without any explicit confirmation or warning at runtime. Because these are long-lived credentials, silent persistence increases the chance that users unknowingly keep secrets on disk, in backups, or in shared environments where the config file is readable by others.
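This last finding and the overview's advice to keep the config and any .bak backup private come down to the same two controls: an explicit confirmation before a long-lived secret is written, and file modes that leave the config and its backups readable only by the owner. The following is an added example, not code from the skill or from OpenClaw, of those controls together with an audit that flags the files the skill would leave behind. The config file name openclaw.json, the JSON layout with a feishu object holding appId/appSecret, and the <name>.bak backup naming are assumptions.

```python
"""Hardened credential persistence plus an audit of the files it leaves behind.

Added example (not the skill's or OpenClaw's code). Assumptions: the OpenClaw
config is a JSON file, the skill stores the credentials under "feishu" ->
{"appId", "appSecret"}, and backups sit next to it as <name>.bak.
"""
import json
import os
import stat
import tempfile
from pathlib import Path

SECRET_KEYS = {"appSecret", "app_secret"}  # assumed key names for the long-lived secret
PRIVATE_MODE = 0o600                         # owner read/write only


def contains_secret(obj) -> bool:
    """Recursively check a parsed config for a non-empty value under a secret key."""
    if isinstance(obj, dict):
        return any((k in SECRET_KEYS and bool(v)) or contains_secret(v) for k, v in obj.items())
    if isinstance(obj, list):
        return any(contains_secret(v) for v in obj)
    return False


def secret_files(config_path: Path) -> list[Path]:
    """The config itself plus any sibling backup such as openclaw.json.bak."""
    name = config_path.name
    return sorted(p for p in config_path.parent.iterdir()
                  if p.name == name or p.name.startswith(name + ".bak"))


def audit_permissions(config_path: Path) -> dict[str, list[str]]:
    """Map file name -> problems for every secret-bearing file readable by group/other."""
    report = {}
    for p in secret_files(config_path):
        raw = p.read_text()
        try:
            holds_secret = contains_secret(json.loads(raw))
        except ValueError:  # not JSON: fall back to a plain key search
            holds_secret = any(k in raw for k in SECRET_KEYS)
        mode = stat.S_IMODE(p.stat().st_mode)
        if holds_secret and mode & (stat.S_IRWXG | stat.S_IRWXO):
            report[p.name] = [f"holds an app secret but mode {oct(mode)} grants group/other access"]
    return report


def _write_private(path: Path, data: bytes) -> None:
    """Create (or truncate) a file that is 0600 from the moment it exists."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, PRIVATE_MODE)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.chmod(path, PRIVATE_MODE)  # O_CREAT mode is subject to umask and ignored for existing files


def store_credentials(config_path: Path, app_id: str, app_secret: str, confirm) -> bool:
    """Persist the credentials only after an explicit yes; back up and write with mode 0600.

    `confirm` is a callable taking the prompt text and returning True/False, so the
    interactive prompt can be replaced in tests or automation.
    """
    if not confirm(f"Write Feishu appId {app_id} and its long-lived appSecret to {config_path}? [y/N] "):
        return False
    config = {}
    if config_path.exists():
        old = config_path.read_bytes()
        config = json.loads(old or b"{}")
        # Keep the same .bak the skill keeps, but private: a world-readable backup leaks the old secret
        _write_private(config_path.with_name(config_path.name + ".bak"), old)
    config.setdefault("feishu", {}).update({"appId": app_id, "appSecret": app_secret})
    # mkstemp creates the temp file 0600; os.replace swaps it in atomically, so no partial write is visible
    fd, tmp = tempfile.mkstemp(dir=config_path.parent, prefix=".openclaw-")
    with os.fdopen(fd, "w") as fh:
        json.dump(config, fh, indent=2)
    os.chmod(tmp, PRIVATE_MODE)
    os.replace(tmp, config_path)
    return True


def demo() -> dict:
    """Constructed scenario: a world-readable config already holding a secret, then the hardened write."""
    with tempfile.TemporaryDirectory() as d:
        cfg = Path(d) / "openclaw.json"  # assumed config file name
        cfg.write_text(json.dumps({"feishu": {"appId": "cli_old", "appSecret": "old-secret"}}))
        os.chmod(cfg, 0o644)  # the unsafe state the audit should catch
        before = audit_permissions(cfg)
        declined = store_credentials(cfg, "cli_new", "new-secret", confirm=lambda _q: False)
        accepted = store_credentials(cfg, "cli_new", "new-secret", confirm=lambda _q: True)
        return {
            "before": sorted(before),
            "declined": declined,
            "accepted": accepted,
            "after": sorted(audit_permissions(cfg)),
            "config_mode": stat.S_IMODE(cfg.stat().st_mode),
            "backup_mode": stat.S_IMODE(cfg.with_name("openclaw.json.bak").stat().st_mode),
            "stored_app_id": json.loads(cfg.read_text())["feishu"]["appId"],
        }


if __name__ == "__main__":
    print(demo())
```

The audit only looks at POSIX mode bits on the config and its .bak siblings; on a shared host you would also check the parent directory's mode, and on Windows the equivalent check is against the file's ACL rather than st_mode. The confirmation callback is the piece the finding says the skill lacks: the write simply does not happen without a yes.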

VirusTotal

65/65 vendors flagged this skill as clean.
