free-feishu-voice

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it advertises: generate voice audio and send it to a configured Feishu chat, with normal credential, network, and dependency risks to manage.

Install only if you are comfortable sending the message content, generated audio, recipient ID, and Feishu app credentials to Feishu. Use a least-privilege Feishu app, protect the local config file containing the app secret, verify the chat ID before running, and consider manually installing or pinning `edge-tts` in a controlled environment instead of relying on runtime auto-installation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (7)

Intent-Code Divergence

Medium
Confidence
81% confidence
Finding
The documentation says missing dependencies are checked and users are prompted, but the Edge TTS script actually performs an automatic pip installation. This is dangerous because it causes an undeclared system modification and network retrieval of code at runtime, which can surprise users and violate the principle of least surprise and change-control expectations.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The usage instructions do not clearly warn that message text, generated audio, credentials-derived tokens, and uploaded media are transmitted to external Feishu services. This can mislead users about data handling and cause accidental disclosure of sensitive content to third-party infrastructure.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The Edge TTS script automatically runs `pip3 install edge-tts` when the module is missing, but the surrounding documentation does not warn users that executing the script may install software. Automatic dependency installation increases supply-chain and environment-integrity risk, especially on shared or managed systems.

External Transmission

Medium
Category
Data Exfiltration
Content
# ===================== Core logic =====================
# Get the token
echo "🔑 获取飞书访问令牌..."
TOKEN=$(curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
  -H "Content-Type: application/json" \
  -d "{\"app_id\":\"$APP_ID\",\"app_secret\":\"$APP_SECRET\"}" \
  | jq -r '.tenant_access_token // empty')
Confidence
97% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Send the message
echo "📨 发送语音消息..."
SEND_RESPONSE=$(curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"$CHAT_ID\",\"msg_type\":\"audio\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\"}\"}")
Confidence
96% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# ===================== Core logic =====================
# Get the token
echo "🔑 获取飞书访问令牌..."
TOKEN=$(curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \
  -H "Content-Type: application/json" \
  -d "{\"app_id\":\"$APP_ID\",\"app_secret\":\"$APP_SECRET\"}" \
  | jq -r '.tenant_access_token // empty')
Confidence
97% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/auth/v3/tenant_access_token/internal" \ -H "Content-Type: application/json" \ -d

External Transmission

Medium
Category
Data Exfiltration
Content
# Send the message
echo "📨 发送语音消息..."
SEND_RESPONSE=$(curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \
  -H "Authorization: Bearer $TOKEN" \
  -H "Content-Type: application/json" \
  -d "{\"receive_id\":\"$CHAT_ID\",\"msg_type\":\"audio\",\"content\":\"{\\\"file_key\\\":\\\"$FILE_KEY\\\"}\"}")
Confidence
96% confidence
Finding
curl -s -X POST "https://open.feishu.cn/open-apis/im/v1/messages?receive_id_type=open_id" \ -H "Authorization: Bearer $TOKEN" \ -H "Content-Type: application/json" \ -d

VirusTotal

60/60 vendors flagged this skill as clean.
