feishu-mention

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: it resolves Feishu/Lark @mentions, but it uses local Feishu credentials and caches identity data, so users should treat it as sensitive.

Install this only if you expect the skill to read your OpenClaw Feishu config (`~/.openclaw/openclaw.json`), use the Feishu app credentials stored there to query bot and member IDs, and cache identity mappings locally. Do not share openclaw.json, appSecret, cache files, or debug logs without redacting them first, and review any message containing @all or other sensitive mentions before it is sent.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (6)

Missing User Warnings

Severity: Medium, confidence 96%
Finding
The skill instructs the agent to derive `accountId` from conversation context and states that it reads `~/.openclaw/openclaw.json` to obtain `appId` and `appSecret`, but it does not clearly warn users that local credentials/configuration are accessed. This reduces transparency around sensitive local file access and can lead to unintended credential use in contexts where the operator did not expect the skill to touch local secrets.

Missing User Warnings

Severity: Medium, confidence 97%
Finding
The documentation says mention resolution may inspect configured bots, local cache, or call Feishu APIs to fetch group members, but it does not prominently warn that user/chat/member data may be processed and transmitted to Feishu during resolution. In a messaging context, hidden network lookups against chat membership can expose metadata and broaden the skill's data-handling footprint beyond simple text transformation.

Missing User Warnings

Severity: Medium, confidence 95%
Finding
The guide explicitly tells users to print `~/.openclaw/openclaw.json` and inspect `appId` and `appSecret`, which encourages direct exposure of sensitive credentials in terminal history, logs, screenshots, or shared debugging sessions. Even though it is 'just documentation,' instructing operators to reveal secrets without redaction guidance materially increases the risk of credential leakage.
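The redaction step this finding says the guide omits, as an added example (not code from the feishu-mention skill or from OpenClaw): mask secret-looking fields before a config dump is pasted into a ticket, a chat, or a debugging session, while leaving non-secret identifiers such as appId readable. The `channels.feishu` layout of the sample config and the key-name heuristic are assumptions; the redactor keys on field names, so other layouts work too.

```python
"""Redact secrets from an OpenClaw-style JSON config before sharing it.

Added example, not part of the feishu-mention skill or OpenClaw. The config
layout below (a "channels.feishu" object holding appId/appSecret) is an
assumption; redaction keys on field names, so other layouts work as well.
"""
import json
import re

# Field names whose values must never appear in plaintext in a shared dump.
SECRET_KEY_RE = re.compile(r"(secret|token|password|passwd|apikey|api_key|private)", re.I)


def _mask(value):
    """Keep a 4-char prefix and the length so the operator can still tell which credential it was."""
    s = str(value)
    if len(s) <= 4:
        return "***"
    return s[:4] + "***" + f"({len(s)} chars)"


def redact(obj):
    """Return a deep copy of obj with scalar values under secret-looking keys masked."""
    if isinstance(obj, dict):
        out = {}
        for k, v in obj.items():
            if SECRET_KEY_RE.search(k) and not isinstance(v, (dict, list)):
                out[k] = _mask(v)
            else:
                out[k] = redact(v)  # recurse into containers, including ones named "secrets"
        return out
    if isinstance(obj, list):
        return [redact(v) for v in obj]
    return obj


def redact_config(text):
    """Parse a config JSON string and return the redacted structure."""
    return redact(json.loads(text))


def redacted_dump(text):
    """Redacted config re-serialised, ready to paste into a ticket."""
    return json.dumps(redact_config(text), indent=2, sort_keys=True)


# Constructed sample resembling what printing ~/.openclaw/openclaw.json might show.
SAMPLE_CONFIG = json.dumps({
    "channels": {
        "feishu": {
            "appId": "cli_a1b2c3d4e5f6",
            "appSecret": "s3cr3tValueThatMustNotLeak",
            "accounts": [{"name": "ops-bot", "botToken": "t-abcdef"}],
        }
    }
})

if __name__ == "__main__":
    print(redacted_dump(SAMPLE_CONFIG))
```

Run it instead of `cat` on the config when a maintainer asks for your settings; appId stays visible because it is an identifier, while appSecret and any token field are reduced to a prefix and a length.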

Missing User Warnings

Severity: Medium, confidence 92%
Finding
The skill retrieves full chat member data from Feishu and persists it to disk under the user's home directory cache without encryption, minimization, or explicit consent. This creates a local privacy and data exposure risk: anyone with access to the workstation, backups, or shared cache directory may recover chat membership and user identifiers, and the cache can outlive the immediate task.

Missing User Warnings

Severity: Medium, confidence 91%
Finding
The documentation instructs users to place Feishu `appId` and `appSecret` directly in `~/.openclaw/openclaw.json` and does not warn that these are sensitive credentials or recommend any secure storage controls. This increases the chance of accidental credential exposure through source control, backups, logs, screenshots, or overly permissive filesystem access, which could allow unauthorized use of the Feishu integration.

Missing User Warnings

Severity: Medium, confidence 85%
Finding
The resolver persists chat/member metadata to local JSON files under a user home directory without any access control hardening, minimization, or disclosure. In this skill context, that data likely contains names and Feishu open IDs tied to specific chats, so local compromise, shared-workspace access, backups, or logs could expose internal identity and membership information.
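The two cache findings above (full member data persisted unencrypted, and member metadata written with no access-control hardening or minimization) describe one exposure. As an added example, not the skill's own cache code, this is what a hardened resolver cache looks like: keep only the fields mention resolution needs, create the file owner-readable only, expire it, and refuse to trust an existing cache file that is group- or world-readable. The member record layout (Feishu-style objects with open_id, name, email, mobile) and the cache path are assumptions; the audit function is what an operator would run against the skill's real cache directory.

```python
"""Minimise and harden an on-disk chat-member cache.

Added example, not the feishu-mention skill's own cache code. The member
record layout and the cache path are assumptions.
"""
import json
import os
import stat
import tempfile
import time

KEEP_FIELDS = ("open_id", "name")   # the only fields @mention resolution needs (assumed)
CACHE_TTL_SECONDS = 24 * 3600       # so the cache does not outlive the task indefinitely
GROUP_OR_WORLD = stat.S_IRWXG | stat.S_IRWXO


def minimise_members(members):
    """Drop email, mobile and anything else not needed to resolve a mention."""
    return [{k: m[k] for k in KEEP_FIELDS if k in m} for m in members]


def write_cache(path, chat_id, members, now=None):
    """Write a minimised cache file that is owner-readable only (0600) from the moment it exists."""
    now = time.time() if now is None else now
    payload = {"chat_id": chat_id, "fetched_at": now, "members": minimise_members(members)}
    os.makedirs(os.path.dirname(path), mode=0o700, exist_ok=True)
    # Pass the mode to open() so no window exists where the file is created with a wider umask.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(payload, f)
    os.chmod(path, 0o600)  # tighten a pre-existing file that was created with a wider mode
    return payload


def read_cache(path, now=None):
    """Return cached members, or None if the file is missing, too permissive, or expired."""
    now = time.time() if now is None else now
    try:
        st = os.stat(path)
    except FileNotFoundError:
        return None
    if st.st_mode & GROUP_OR_WORLD:
        return None  # someone else could have read or rewritten it: do not trust it
    with open(path) as f:
        payload = json.load(f)
    if now - payload.get("fetched_at", 0) > CACHE_TTL_SECONDS:
        return None
    return payload["members"]


def audit_cache_dir(cache_dir):
    """Names of cache files that are group- or world-accessible; run this on the real cache dir."""
    bad = []
    for name in sorted(os.listdir(cache_dir)):
        p = os.path.join(cache_dir, name)
        if os.path.isfile(p) and os.stat(p).st_mode & GROUP_OR_WORLD:
            bad.append(name)
    return bad


# Constructed sample: what a "fetch chat members" call might return.
SAMPLE_MEMBERS = [
    {"open_id": "ou_111", "name": "Alice", "email": "alice@example.com", "mobile": "+100"},
    {"open_id": "ou_222", "name": "Bob", "email": "bob@example.com", "mobile": "+200"},
]


def demo():
    """Write a cache, then show the fresh, expired and loosened-permission cases."""
    cache_dir = os.path.join(tempfile.mkdtemp(), "cache")
    p = os.path.join(cache_dir, "oc_chat1.json")
    write_cache(p, "oc_chat1", SAMPLE_MEMBERS, now=1000.0)
    fresh = read_cache(p, now=1000.0 + 60)
    stale = read_cache(p, now=1000.0 + CACHE_TTL_SECONDS + 1)
    os.chmod(p, 0o644)  # simulate a cache file left group/world-readable
    loose = read_cache(p, now=1000.0 + 60)
    return fresh, stale, loose, audit_cache_dir(cache_dir)


if __name__ == "__main__":
    print(demo())
```

The refusal to read a permissive file is deliberate: a cache an attacker can rewrite lets them redirect an @mention to a different open_id, so a loose mode is treated as a poisoning risk, not just a privacy one.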

VirusTotal

63/63 vendors flagged this skill as clean.
