ClawHub

🎙️ 飞书语音条生成

Security checks across malware telemetry and agentic risk

Overview

This skill does what it says, but it can automatically send Feishu voice messages through a configured account with broad triggers and weak confirmation/privacy disclosure.

Install only if the agent is allowed to send Feishu messages on your behalf. Use explicit recipient selection and confirmation before sending, avoid sensitive content unless the TTS provider and Feishu data handling are acceptable, and consider narrowing or disabling the broad automatic triggers.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Intent-Code Divergence

Medium
Confidence
95% confidence
Finding
The README explicitly claims the skill will not upload audio to third-party servers, but earlier configuration examples show use of external TTS providers such as Edge TTS and OpenAI. In practice, text and possibly generated audio or metadata may be sent off-platform, so this is a misleading security/privacy claim that can cause users to expose sensitive content under false assumptions.

Vague Triggers

Medium
Confidence
87% confidence
Finding
The automatic trigger phrases include broad everyday expressions such as '语音消息' and '语音条', which can appear in normal conversation and unintentionally invoke the skill. Because the skill's action is to generate and send an outbound Feishu voice message, accidental triggering can cause unintended external communications and user confusion.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The introduction highlights voice generation and automatic sending but does not clearly warn users that the skill performs an external messaging action on their behalf. In an agent ecosystem, failing to disclose outbound actions reduces informed consent and increases the risk of unintended transmission of sensitive or embarrassing content.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The trigger phrases are extremely generic for a messaging assistant and can match ordinary user requests such as '用语音回复' or '语音消息', causing the skill to activate outside narrowly intended contexts. Because this skill sends outbound Feishu voice messages and suppresses text output with NO_REPLY, accidental activation can lead to unintended message delivery or duplicate/hidden communications.

Vague Triggers

Medium
Confidence
89% confidence
Finding
The trigger phrases are broad, generic, and phrased in natural language that could easily match ordinary user conversation about sending voice replies or voice messages. In an agent environment, this can cause unintended skill activation, leading the agent to generate and potentially send audio content when the user was only discussing the topic rather than explicitly invoking the skill.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal