ClawHub

飞书语音回复

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Feishu voice-reply helper, but users should know it runs local media tools, sends text to Edge TTS, and leaves generated audio files in the workspace.

Install only if you want agents to generate Feishu voice replies by sending message text through Edge TTS, converting the audio with ffmpeg, storing MP3/OGG files in the workspace, and then using a Feishu messaging tool to send the OGG as a voice message. Do not use it for secrets, regulated data, or sensitive internal content unless that handling is acceptable, and ask the publisher to remove the merge-conflict markers and document dependencies and retention behavior.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
90% confidence
Finding
The skill instructs use of shell-capable tooling (`python3`, `ffmpeg`) but does not declare the permissions or capabilities needed. This weakens security boundaries and reviewability because an agent may invoke command execution unexpectedly, increasing the risk of misuse or execution of unsafe inputs through the build pipeline.

Tp4

High
Category
MCP Tool Poisoning
Confidence
97% confidence
Finding
The skill claims it sends Feishu-native voice replies, but the documented behavior only builds audio files locally and returns filesystem paths. This mismatch can mislead operators and downstream agents into believing delivery occurred, while sensitive generated audio artifacts are retained on disk, creating confidentiality and workflow-integrity risks.

Vague Triggers

Medium
Confidence
79% confidence
Finding
The trigger language is broad enough to activate this skill for generic requests about voice playback or spoken summaries outside the intended Feishu context. Over-broad invocation can cause unintended audio generation, unnecessary shell execution, and storage of user-derived voice files when a simpler or safer response path would have sufficed.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The script sends user-provided text to the external edge-tts service, which is network-backed, without any in-code disclosure, consent check, or data-sensitivity guard. If users provide secrets, internal content, or personal data expecting local processing, this can cause unintended data exfiltration to a third-party service.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal