Openclaw San Sheng Liu Bu Lobster

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed Feishu task-automation workflow, but it ships active-looking Feishu identifiers and can automatically message users, create cloud docs, update tables, and keep spawned agent sessions.

Review before installing. Replace all bundled Feishu OpenIDs, chat IDs, base links, app/table tokens, and folder tokens with your own approved workspace values. Before running real tasks, require a dry-run list of every recipient, document, table record, and subagent session, and avoid sending sensitive or private content to Feishu unless sharing permissions are verified.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (16)

Context-Inappropriate Capability

Medium
Confidence
92% confidence
Finding
The manifest defines an install script that executes a shell command to recursively copy the entire skill directory into a fixed path under the user's home directory. Even though the command is simple, shell-based install hooks create an execution surface during installation and are unnecessary for a declarative task-management skill, increasing the risk of unintended file overwrite or abuse if packaging contents change.

Context-Inappropriate Capability

Medium
Confidence
86% confidence
Finding
The template explicitly instructs agents to create Feishu documents and, elsewhere in the file, perform broad web search and external sharing, but there is no stated scope, authorization boundary, or data-classification guidance. In an agent skill, these instructions normalize outbound network actions and third-party publication without constraining what content may be uploaded, which can lead to unintended data exfiltration or policy violations.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The README explicitly describes sending direct Feishu messages to individual users by OpenID, but does not mention consent, authorization boundaries, or notification/disclosure requirements. In an agent skill that automates task dispatch, this can enable unsolicited outreach, misuse of internal identifiers, and privacy issues if operators configure or use real employee/user OpenIDs without clear safeguards.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The README advertises automatic Feishu document creation and Bitable updates, but provides no warning that the skill writes data to external systems. This is risky because task contents, generated outputs, or sensitive internal information could be automatically persisted or shared outside the immediate agent context without an explicit approval step.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly automates creation of Feishu documents and updates to Feishu tables, causing task content, generated outputs, and links to be transmitted to an external SaaS platform without any user notice, consent gate, or data classification step. In this context, the workflow is designed to aggregate and publish work products, so the risk of unintentionally exporting sensitive prompts, proprietary material, or internal file paths is real rather than hypothetical.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill requires sending task notifications via Feishu using OpenID-based direct messaging, which exposes identifiers and task details to an external messaging service without warning the user. Because the workflow is centered on dispatching tasks to multiple agents, this can leak personnel identifiers, internal assignments, and potentially sensitive task descriptions beyond the local execution context.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The document contains operational setup guidance for Feishu bots and explicitly references sensitive integration artifacts such as App ID/App Secret acquisition, bot OpenIDs, a group ID, and a base token/link elsewhere in the file, but provides no handling restrictions, redaction guidance, or access-control warnings. In a skill repository, publishing these identifiers and workflow details can aid reconnaissance, unauthorized messaging, target enumeration, or misuse of connected collaboration resources if the linked assets are accessible or combined with other leaked credentials.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The guide mandates writing task output to local files and creating Feishu cloud documents, but it does not require any user consent, data-classification check, or warning that content will be stored outside the immediate agent session. This creates a real risk of unintended disclosure of sensitive prompts, internal documents, or personal data to external persistent storage.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The workflow instructs agents to store Feishu document links, robot names, OpenID values, and task metadata in a centralized Bitable table without warning users or enforcing minimization. Centralized storage of identifiers and document references can expose personal and operational metadata, enable correlation across tasks, and broaden the blast radius if the table is misconfigured or accessed by unintended parties.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The guide explicitly instructs collecting and transmitting operational data such as local file paths, Feishu document links, and OpenIDs into external Feishu documents and tables without any data-classification, minimization, or consent guidance. This can expose sensitive internal metadata, user identifiers, and filesystem structure to broader audiences than intended, increasing privacy and information-leak risk.

Missing User Warnings

Low
Confidence
88% confidence
Finding
The example workflow sends live task progress into a group chat, potentially broadcasting internal task status and document links to all chat participants without warning or access review. While the content is not inherently secret, in practice it may reveal operational timing, assignments, and links that should be limited to authorized recipients.

Missing User Warnings

Medium
Confidence
90% confidence
Finding
The template requires creating a Feishu document and sharing its link, but gives no warning that content is being sent to an external collaboration platform or that the link may expose data to others. This omission is dangerous because users or downstream agents may upload reference-derived, internal, or personal content without realizing the privacy and sharing implications.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
This template directs agents to save local files and create Feishu documents from generated content but does not warn about filesystem side effects or external publication. That combination increases the risk of uncontrolled file creation, storage in sensitive paths, and accidental upload of proprietary or personal material to third-party services.

Missing User Warnings

High
Confidence
95% confidence
Finding
The aggregation template instructs recording robot names, OpenIDs, and output links in Feishu tables without any minimization, masking, or sensitivity warning. OpenIDs and related operational metadata can be sensitive identifiers; centralizing them with output links in a shared table creates a clear privacy and enumeration risk if the document is mis-shared or accessed by unauthorized parties.

Missing User Warnings

High
Confidence
96% confidence
Finding
The group notification template includes a roster of robot names and OpenIDs in a potentially shared message without warning that these identifiers may be sensitive. Publishing such identifiers broadly can aid reconnaissance, correlation of internal agents/accounts, and unauthorized targeting, especially when combined with role descriptions and workflow details.

Ssd 3

Medium
Confidence
95% confidence
Finding
The skill instructs the system to record teammate identifiers, robot names, OpenIDs, task names, freeform text, quantities, and output links into shared Feishu documentation and tables, creating a structured data-exposure pipeline. In this skill's context, the data collection is not incidental but built into the normal completion flow, increasing the chance of persistent disclosure of internal metadata and sensitive output locations to broader audiences.

VirusTotal

65/65 vendors flagged this skill as clean.
