Feishu Upload Image

Security checks across malware telemetry and agentic risk

Overview

The skill does the stated Feishu image upload job, but it also stores a Feishu app bearer token in a shared temporary file without documenting that persistence.

Review before installing. Use this only with images you intentionally want to upload to Feishu and with Feishu app credentials you are authorized to use. The main issue to consider is the undocumented token cache in /tmp; a safer version should store tokens in a private permission-restricted location, avoid persistence, or clearly document and control that behavior.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (4)

Context-Inappropriate Capability

Medium

Confidence: 92% confidence
Finding: The script reads Feishu credentials from a local secrets file (`openclaw.json`) even though the skill is presented as a simple local-file-to-image-key helper. This creates an implicit secret dependency and can surprise users by accessing stored credentials without clear disclosure, increasing the risk of unintended credential use in shared or multi-tenant environments.

Missing User Warnings

Low

Confidence: 89% confidence
Finding: The skill explicitly reads Feishu app credentials from openclaw.json or environment variables, but the description does not clearly warn users that sensitive secrets will be accessed. This can lead to unintentional credential exposure or misuse in environments where users do not expect the skill to consume application secrets.

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script accesses a local secrets file to retrieve `appId` and `appSecret` without any user-facing disclosure at runtime. This is risky because users may believe they are only uploading a file they specify, while the script also consumes stored credentials from disk, which weakens transparency and can violate least surprise and least privilege expectations.

Missing User Warnings

Medium

Confidence: 97% confidence
Finding: The script uploads a local file to Feishu over the network without an explicit warning or confirmation beyond the tool description. Because the file contents leave the local system, this can cause accidental exfiltration of sensitive images if users misunderstand the behavior or provide the wrong path.

VirusTotal

62/62 vendors flagged this skill as clean.

View on VirusTotal